Page 3 of 22 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. • https://devolutions.net/security/advisories/DEVO-2023-0003 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. La contraseña de Dashlane y la contraseña del Keepass Server en My Account Settings no están cifradas en la base de datos en Devolutions Remote Desktop Manager 2022.2.26 y versiones anteriores y en Devolutions Server 2022.3.1 y versiones anteriores, lo que permite a los usuarios de la base de datos leer los datos. Este problema afecta a: Remote Desktop Manager 2022.2.26 y versiones anteriores. Devolutions Server 2022.3.1 y versiones anteriores. • https://devolutions.net/security/advisories/DEVO-2022-0009 • CWE-311: Missing Encryption of Sensitive Data CWE-522: Insufficiently Protected Credentials •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. Una administración incorrecta de permisos en Devolutions Server versiones anteriores a 2022.2, permite que un nuevo usuario con un nombre de usuario preexistente herede los permisos de ese usuario anterior • https://devolutions.net https://devolutions.net/security/advisories/DEVO-2022-0006 • CWE-276: Incorrect Default Permissions •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. Una vulnerabilidad de inyección de HTML en los mensajes seguros de Devolutions Server versiones anteriores a 2022.2 permite a atacantes alterar la representación de la página o redirigir a un usuario a otro sitio • https://devolutions.net/security/advisories/DEVO-2022-0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •