Security & Compliance

DEVO-2023-0005

Zusammenfassung

Devolutions Server secure messages feature is affected by a security vulnerability.

Betroffene Produkte

Devolutions Server 2022.3.12 and below

Änderungsprotokoll

Initial publication - 2023-03-06

Schweregrad

Medium

Produkt

Devolutions Server

Behobene Version

2022.3.13

Improper access control in the secure messages feature

Beschreibung

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.

Devolutions Server uses a secure CSPRNG to generate UUID which would, in theory, not allow an attacker to brute force or guess this ID. Therefore, the attacker must find another vulnerability to exploit this issue.

Behebungen und Workarounds

Upgrade to Devolutions Server 2022.3.13 and higher.

Schweregrad

Medium - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 5.3

Betroffene Produkte

Devolutions Server 2022.3.12 and below.

CVE(s)

CVE-2023-1201

Wir helfen Unternehmen dabei, das IT-Chaos zu meistern, indem wir Lösungen für Passwortverwaltung, Remoteverbindungen und privilegierte Zugriffsverwaltung bereitstellen.

DEVOLUTIONS

Sicherheit & Datenschutz | infos@devolutions.net

Alle Rechte vorbehalten © 2025 Devolutions