DEVO-2023-0003
Summary
Devolutions Server is affected by multiple security vulnerabilities.
Affected products
Devolutions Server 2022.3.12 and below.
Changelog
Initial publication - 2023-02-22
Severity
High
Product
Devolutions Server
Fixed version
2022.3.13
SQL Injection in the documentation component
Description
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
Fixes and workarounds
Upgrade Devolutions Server to 2022.3.13 or higher.
Severity
Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9
Affected products
Devolutions Server 2022.3.12 and earlier.
CVE(s)
CVE-2023-0953
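The description above names the defect class (user input reaching a query without sanitization) but not the mechanism. The following is an added illustration and is not Devolutions Server code; the table, column names and sample rows are constructed for the example. It places a documentation search built by string concatenation beside its parameterized form and runs both against an in-memory SQLite database, showing that the concatenated form lets a query value override the owner restriction while the parameterized form treats the same value as plain data.

```python
"""Vulnerable-versus-fixed illustration of the defect class (CWE-89) described
in this advisory. Constructed stand-alone example against an in-memory SQLite
table; not Devolutions Server code, schema or endpoints."""
import sqlite3

# Constructed sample rows standing in for a documentation store.
CONSTRUCTED_DOCS = [
    (1, "VPN setup", "alice", "Internal how-to"),
    (2, "Backup policy", "bob", "Restricted"),
    (3, "Onboarding", "alice", "Public"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documentation "
        "(id INTEGER PRIMARY KEY, title TEXT, owner TEXT, body TEXT)"
    )
    conn.executemany("INSERT INTO documentation VALUES (?, ?, ?, ?)", CONSTRUCTED_DOCS)
    return conn


def search_docs_vulnerable(conn: sqlite3.Connection, owner: str, title_fragment: str) -> list:
    """Insufficient sanitization: the caller-controlled fragment is spliced into the SQL text,
    so a quote character in it changes the query structure instead of staying a value."""
    sql = (
        "SELECT id, title FROM documentation WHERE owner = '" + owner
        + "' AND title LIKE '%" + title_fragment + "%'"
    )
    return conn.execute(sql).fetchall()


def search_docs_fixed(conn: sqlite3.Connection, owner: str, title_fragment: str) -> list:
    """Parameterized query: the driver binds the values, so the fragment can only ever be
    compared against titles and the owner restriction cannot be altered by input."""
    sql = "SELECT id, title FROM documentation WHERE owner = ? AND title LIKE ?"
    return conn.execute(sql, (owner, f"%{title_fragment}%")).fetchall()


def demo() -> dict:
    """Run both variants with a benign fragment and with a constructed fragment containing
    a quote; returns how many rows each call exposes to the user 'alice'."""
    conn = make_db()
    benign = "VPN"
    # Constructed test value: a quote followed by a tautology and a comment marker.
    hostile = "x' OR 1=1 --"
    return {
        "vulnerable_benign": len(search_docs_vulnerable(conn, "alice", benign)),
        "vulnerable_hostile": len(search_docs_vulnerable(conn, "alice", hostile)),
        "fixed_benign": len(search_docs_fixed(conn, "alice", benign)),
        "fixed_hostile": len(search_docs_fixed(conn, "alice", hostile)),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count} row(s)")
```

The vulnerable variant returns every row in the table for the quoted input, including the row owned by another user, which is the "unauthorized access" outcome the advisory describes; the parameterized variant returns nothing for it and the same single row as before for the benign input. The detection-side lesson is the same: a search endpoint that starts returning syntax errors or cross-owner results for inputs containing quote characters is treating input as SQL.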
Improper access control on endpoints in Devolutions Server
Description
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.
Fixes and workarounds
Upgrade Devolutions Server to 2022.3.13 or higher.
Severity
High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5
Affected products
Devolutions Server 2022.3.12 and earlier.
CVE(s)
CVE-2023-0951
Improper access controls on entries in Devolutions Server
Description
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.
Fixes and workarounds
Upgrade Devolutions Server to 2022.3.13 or higher.
Severity
Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5
Affected products
Devolutions Server 2022.3.12 and earlier.
CVE(s)
CVE-2023-0952