Vulnerabilities > Devolutions > Devolutions Server > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-13 CVE-2023-5240 Unspecified vulnerability in Devolutions Server
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
network
low complexity
devolutions
7.5
2023-03-01 CVE-2023-0951 Unspecified vulnerability in Devolutions Server
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.
network
low complexity
devolutions
8.8
2023-03-01 CVE-2023-0953 SQL Injection vulnerability in Devolutions Server
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
network
low complexity
devolutions CWE-89
8.8