RSS   Vulnerabilities for 'Devolutions server'   RSS

2022-07-07
 
CVE-2022-33996

CWE-276
 
 
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.

 
2022-07-06
 
CVE-2022-2316

CWE-79
 
 
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.

 
2021-07-12
 
CVE-2021-36382

CWE-295
 
 
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

 
2021-04-14
 
CVE-2021-28157

CWE-89
 
 
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.

 
 
CVE-2021-28048

CWE-346
 
 
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.

 
2021-04-01
 
CVE-2021-23925

CWE-79
 
 
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.

 
 
CVE-2021-23924

CWE-532
 
 
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

 
 
CVE-2021-23923

CWE-287
 
 
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.

 
 
CVE-2021-23921

NVD-CWE-Other
 
 
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.

 

 >>> Vendor: Devolutions 5 Products
GFWX
Devolutions server
Remote desktop manager
Password hub
Workspace

Copyright 2024, cxsecurity.com

 

Back to Top