Vulnerabilidades em Devolutions
152 resultadosCVE-2023-5575—
Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a EPSS 0.6%CVE-2023-5240—Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAEPSS 0.6%CVE-2023-1603MEDIUM
Permission bypass when importing or synchronizing entries in User vault
in Devolutions Server 2022.3.13 and prior versions allows users wEPSS 0.6%CVE-2023-1580HIGHUncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial ofEPSS 0.6%CVE-2023-5765—Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an atEPSS 0.6%CVE-2023-6588—
Offline mode is always enabled, even if permission disallows it, in
Devolutions Server data source in Devolutions Workspace 2023.3.2.0 aEPSS 0.6%CVE-2025-12485HIGHImproper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonateEPSS 0.6%CVE-2023-5766HIGH
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute coEPSS 0.6%CVE-2024-12149HIGHIncorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on WindEPSS 0.6%CVE-2024-6492HIGHExposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on WinEPSS 0.6%CVE-2022-3641HIGHElevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated useEPSS 0.6%CVE-2023-5358—Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vEPSS 0.5%CVE-2024-11672MEDIUMIncorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an autEPSS 0.5%CVE-2026-3204CRITICALImproper
input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displaEPSS 0.5%CVE-2022-3780HIGHDatabase connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deletEPSS 0.5%CVE-2023-6264—Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configureEPSS 0.5%CVE-2025-13757HIGHSQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.EPSS 0.5%CVE-2025-2277HIGHExposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leEPSS 0.5%CVE-2023-1980MEDIUMTwo factor
authentication
bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factorEPSS 0.5%CVE-2024-11671MEDIUMImproper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an aEPSS 0.5%