Vulnerabilities > Devolutions

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-0953 SQL Injection vulnerability in Devolutions Server
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
network
low complexity
devolutions CWE-89
8.8
2023-02-12 CVE-2023-0661 Unspecified vulnerability in Devolutions Server
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
network
low complexity
devolutions
6.5
2023-01-26 CVE-2023-0463 Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.29/2022.3.30
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
local
low complexity
devolutions
3.3
2022-12-26 CVE-2022-26964 Improper Restriction of Excessive Authentication Attempts vulnerability in Devolutions Remote Desktop Manager
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack.
network
low complexity
devolutions CWE-307
7.5
2022-12-21 CVE-2022-4287 Unspecified vulnerability in Devolutions Remote Desktop Manager
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager  2022.3.26 and earlier on Windows allows malicious user to access the application.
network
low complexity
devolutions
8.8
2022-12-12 CVE-2022-3641 Unspecified vulnerability in Devolutions Remote Desktop Manager
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.
network
low complexity
devolutions
8.8
2022-11-01 CVE-2022-3780 Unspecified vulnerability in Devolutions Remote Desktop Manager
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.
network
low complexity
devolutions
7.5
2022-11-01 CVE-2022-3781 Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager
Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions.
network
low complexity
devolutions CWE-522
6.5
2022-09-13 CVE-2022-3182 Unspecified vulnerability in Devolutions Remote Desktop Manager
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock.
local
high complexity
devolutions
7.0
2022-07-07 CVE-2022-33996 Incorrect Default Permissions vulnerability in Devolutions Server
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
network
low complexity
devolutions CWE-276
8.8