Vulnerabilities > Devolutions > Devolutions Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2022-33996 Incorrect Default Permissions vulnerability in Devolutions Server
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
network
low complexity
devolutions CWE-276
6.5
2021-07-12 CVE-2021-36382 Insufficiently Protected Credentials vulnerability in Devolutions Server
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
4.3
2021-04-01 CVE-2021-23925 Cross-site Scripting vulnerability in Devolutions Server
An issue was discovered in Devolutions Server before 2020.3.
4.3
2021-04-01 CVE-2021-23924 Information Exposure Through Log Files vulnerability in Devolutions Server
An issue was discovered in Devolutions Server before 2020.3.
network
low complexity
devolutions CWE-532
5.0
2021-04-01 CVE-2021-23923 Improper Authentication vulnerability in Devolutions Server
An issue was discovered in Devolutions Server before 2020.3.
4.9
2021-04-01 CVE-2021-23921 Unspecified vulnerability in Devolutions Server
An issue was discovered in Devolutions Server before 2020.3.
network
low complexity
devolutions
6.4