Vulnerabilities > Devolutions > Devolutions Server > 2023.3.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-6512 | Incorrect Authorization vulnerability in Devolutions Server Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | 6.5 |
| 2024-03-05 | CVE-2024-1898 | Unspecified vulnerability in Devolutions Server Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. | 4.3 |
| 2023-11-22 | CVE-2023-6264 | Information Exposure vulnerability in Devolutions Server Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. | 5.3 |