Vulnerabilities > Devolutions > Low

DATE CVE VULNERABILITY TITLE RISK
2023-06-20 CVE-2023-2400 Incomplete Cleanup vulnerability in Devolutions Server
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
network
low complexity
devolutions CWE-459
2.7
2023-01-26 CVE-2023-0463 Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.29/2022.3.30
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
local
low complexity
devolutions
3.3
2022-07-06 CVE-2022-2316 Cross-site Scripting vulnerability in Devolutions Server
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
3.5
2022-06-15 CVE-2022-1342 Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data.
local
low complexity
devolutions CWE-522
2.1
2021-04-01 CVE-2021-23922 Cross-site Scripting vulnerability in Devolutions Remote Desktop Manager
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12.
3.5
2021-04-01 CVE-2021-28047 Cross-site Scripting vulnerability in Devolutions Remote Desktop Manager
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
3.5