Vulnerabilities > Devolutions > Devolutions Server > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-13 CVE-2023-5240 Unspecified vulnerability in Devolutions Server
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
network
low complexity
devolutions
7.5
2023-03-01 CVE-2023-0951 Unspecified vulnerability in Devolutions Server
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.
network
low complexity
devolutions
8.8
2023-03-01 CVE-2023-0953 SQL Injection vulnerability in Devolutions Server
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
network
low complexity
devolutions CWE-89
8.8
2022-07-07 CVE-2022-33996 Incorrect Default Permissions vulnerability in Devolutions Server
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
network
low complexity
devolutions CWE-276
8.8
2021-04-14 CVE-2021-28157 SQL Injection vulnerability in Devolutions Server
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
network
low complexity
devolutions CWE-89
7.2
2021-04-01 CVE-2021-23924 Information Exposure Through Log Files vulnerability in Devolutions Server
An issue was discovered in Devolutions Server before 2020.3.
network
low complexity
devolutions CWE-532
7.5
2021-04-01 CVE-2021-23923 Improper Authentication vulnerability in Devolutions Server
An issue was discovered in Devolutions Server before 2020.3.
network
low complexity
devolutions CWE-287
8.1