Security & Compliance

DEVO-2023-0003

Summary

Devolutions Server is affected by multiple security vulnerabilities.

Affected products

Devolutions Server 2022.3.12 and below.

Changelog

Initial publication - 2023-02-22

Severity

High

Product

Devolutions Server

Fixed version

2022.3.13

SQL Injection in the documentation component

Description

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

Fixes and workarounds

Upgrade to Devolutions Server 2022.3.13 or higher.

Severity

Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9

Affected products

Devolutions Server 2022.3.12 and earlier.

CVE(s)

CVE-2023-0953

Improper access control on endpoints in Devolutions Server

Description

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

Fixes and workarounds

Upgrade Devolutions Server to 2022.3.13 or higher.

Severity

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5

Affected products

Devolutions Server 2022.3.12 and earlier

CVE(s)

CVE-2023-0951

Improper access controls on entries in Devolutions Server

Description

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.

Fixes and workarounds

Upgrade Devolutions Server to 2022.3.13 or higher.

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5

Affected products

Devolutions Server 2022.3.12 and earlier

CVE(s)

CVE-2023-0952
