Vulnerabilities > Devolutions > Devolutions Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-5240 | Unspecified vulnerability in Devolutions Server Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | 7.5 |
| 2023-03-01 | CVE-2023-0951 | Unspecified vulnerability in Devolutions Server Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | 8.8 |
| 2023-03-01 | CVE-2023-0953 | SQL Injection vulnerability in Devolutions Server Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | 8.8 |
| 2022-07-07 | CVE-2022-33996 | Incorrect Default Permissions vulnerability in Devolutions Server Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | 8.8 |
| 2021-04-14 | CVE-2021-28157 | SQL Injection vulnerability in Devolutions Server An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | 7.2 |
| 2021-04-01 | CVE-2021-23924 | Information Exposure Through Log Files vulnerability in Devolutions Server An issue was discovered in Devolutions Server before 2020.3. | 7.5 |
| 2021-04-01 | CVE-2021-23923 | Improper Authentication vulnerability in Devolutions Server An issue was discovered in Devolutions Server before 2020.3. | 8.1 |