Vulnerabilities > Devolutions > Devolutions Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-07 | CVE-2022-33996 | Incorrect Default Permissions vulnerability in Devolutions Server Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | 6.5 |
| 2021-07-12 | CVE-2021-36382 | Insufficiently Protected Credentials vulnerability in Devolutions Server Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | 4.3 |
| 2021-04-01 | CVE-2021-23925 | Cross-site Scripting vulnerability in Devolutions Server An issue was discovered in Devolutions Server before 2020.3. | 4.3 |
| 2021-04-01 | CVE-2021-23924 | Information Exposure Through Log Files vulnerability in Devolutions Server An issue was discovered in Devolutions Server before 2020.3. | 5.0 |
| 2021-04-01 | CVE-2021-23923 | Improper Authentication vulnerability in Devolutions Server An issue was discovered in Devolutions Server before 2020.3. | 4.9 |
| 2021-04-01 | CVE-2021-23921 | Unspecified vulnerability in Devolutions Server An issue was discovered in Devolutions Server before 2020.3. | 6.4 |