Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4433 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 8.8 HIGH |
| Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. | |||||
| CVE-2025-5382 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 6.8 MEDIUM |
| Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | |||||
| CVE-2025-0691 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 5.0 MEDIUM |
| Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation. | |||||
| CVE-2025-3768 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 5.0 MEDIUM |
| Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. | |||||
| CVE-2024-10971 | 1 Devolutions | 1 Devolutions Server | 2025-06-27 | N/A | 4.3 MEDIUM |
| Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | |||||
| CVE-2025-4493 | 1 Devolutions | 1 Devolutions Server | 2025-06-25 | N/A | 6.5 MEDIUM |
| Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier | |||||
| CVE-2025-3517 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | N/A | 6.3 MEDIUM |
| Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | |||||
| CVE-2025-4316 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | N/A | 4.3 MEDIUM |
| Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0. | |||||
| CVE-2022-3781 | 1 Devolutions | 2 Devolutions Server, Remote Desktop Manager | 2025-05-05 | N/A | 6.5 MEDIUM |
| Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. | |||||
| CVE-2025-2280 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 8.1 HIGH |
| Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. | |||||
| CVE-2025-2278 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.5 MEDIUM |
| Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID. | |||||
| CVE-2025-2277 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.5 HIGH |
| Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | |||||
| CVE-2025-2003 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.1 HIGH |
| Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | |||||
| CVE-2024-5072 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.5 MEDIUM |
| Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request. | |||||
| CVE-2024-4846 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.3 MEDIUM |
| Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab. | |||||
| CVE-2024-12148 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | |||||
| CVE-2024-12151 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 5.0 MEDIUM |
| Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | |||||
| CVE-2024-12196 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.5 MEDIUM |
| Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | |||||
| CVE-2025-1231 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | |||||
| CVE-2024-1764 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.6 HIGH |
| Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances | |||||