CVE-2023-0951
https://notcve.org/view.php?id=CVE-2023-0951
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. • https://devolutions.net/security/advisories/DEVO-2023-0003 •
CVE-2023-0953
https://notcve.org/view.php?id=CVE-2023-0953
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-0661
https://notcve.org/view.php?id=CVE-2023-0661
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. • https://devolutions.net/security/advisories/DEVO-2023-0002 •
CVE-2022-3781
https://notcve.org/view.php?id=CVE-2022-3781
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. La contraseña de Dashlane y la contraseña del Keepass Server en My Account Settings no están cifradas en la base de datos en Devolutions Remote Desktop Manager 2022.2.26 y versiones anteriores y en Devolutions Server 2022.3.1 y versiones anteriores, lo que permite a los usuarios de la base de datos leer los datos. Este problema afecta a: Remote Desktop Manager 2022.2.26 y versiones anteriores. Devolutions Server 2022.3.1 y versiones anteriores. • https://devolutions.net/security/advisories/DEVO-2022-0009 • CWE-311: Missing Encryption of Sensitive Data CWE-522: Insufficiently Protected Credentials •