Security & Compliance
We adhere to the highest standards to protect your data and ensure trust.

DEVO-2023-0003
Devolutions Server is affected by multiple security vulnerabilities.
Affected products
Changelog
Initial publication - 2023-02-22
Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9
SQL Injection in the documentation component
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
Affected products
CVE(s)
CVE-2023-0953
Fixes and workarounds
Upgrade to Devolutions Server 2022.3.13 or higher
High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5
Improper access control on endpoints in Devolutions Server
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.
Affected products
CVE(s)
CVE-2023-0951
Fixes and workarounds
Upgrade Devolutions Server to 2022.3.13 or higher.
Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5
Improper access controls on entries in Devolutions Server
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.
Affected products
CVE(s)
CVE-2023-0952
Fixes and workarounds
Upgrade Devolutions Server to 2022.3.13 or higher.





