Vulnerabilities > Devolutions

DATE CVE VULNERABILITY TITLE RISK
2023-02-12 CVE-2023-0661 Unspecified vulnerability in Devolutions Server
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
network
low complexity
devolutions
6.5
2023-01-26 CVE-2023-0463 Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.29/2022.3.30
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
local
low complexity
devolutions
3.3
2022-12-21 CVE-2022-4287 Unspecified vulnerability in Devolutions Remote Desktop Manager
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager  2022.3.26 and earlier on Windows allows malicious user to access the application.
network
low complexity
devolutions
8.8
2022-12-12 CVE-2022-3641 Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.13/2022.3.24
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.
network
low complexity
devolutions
8.8
2022-11-01 CVE-2022-3780 Unspecified vulnerability in Devolutions Remote Desktop Manager
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.
network
low complexity
devolutions
7.5
2022-11-01 CVE-2022-3781 Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager
Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions.
network
low complexity
devolutions CWE-522
6.5
2022-07-07 CVE-2022-33996 Incorrect Default Permissions vulnerability in Devolutions Server
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
network
low complexity
devolutions CWE-276
6.5
2022-07-06 CVE-2022-2316 Cross-site Scripting vulnerability in Devolutions Server
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
3.5
2022-06-27 CVE-2022-2221 Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users.
network
low complexity
devolutions CWE-522
4.0
2022-06-21 CVE-2022-33995 Path Traversal vulnerability in Devolutions Remote Desktop Manager
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.
network
low complexity
devolutions CWE-22
5.0