Vulnerabilities > Devolutions > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2023-2400 | Incomplete Cleanup vulnerability in Devolutions Server Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. | 2.7 |
| 2023-01-26 | CVE-2023-0463 | Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.29/2022.3.30 The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk. | 3.3 |
| 2022-07-06 | CVE-2022-2316 | Cross-site Scripting vulnerability in Devolutions Server HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | 3.5 |
| 2022-06-15 | CVE-2022-1342 | Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. | 2.1 |
| 2021-04-01 | CVE-2021-23922 | Cross-site Scripting vulnerability in Devolutions Remote Desktop Manager An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. | 3.5 |
| 2021-04-01 | CVE-2021-28047 | Cross-site Scripting vulnerability in Devolutions Remote Desktop Manager Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. | 3.5 |