Portal 
Forum 
Devolutions Force 
Devolutions Hub Business 
Devolutions Hub Personal 
Devolutions Send 
Devolutions Academy 
RDM 
Workspace 
Launcher 
Sicherheit & Regelkonformität
Wir halten die höchsten Standards ein, um Ihre Daten zu schützen und Vertrauen zu gewährleisten.
DEVO-2024-0017
Devolutions Server and Remote Desktop Manager are affected by vulnerabilities
Betroffene Produkte
Änderungsprotokoll
2024/12/4 - Initial publication
5.3 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Incorrect authorization in report permission validation component
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.
Betroffene Produkte
CVE(s)
CVE-2024-12148
Behebungen und Workarounds
Upgrade to Devolutions Server 2024.3.7.0 or higher
8.6 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Incorrect permission assignment in temporary access requests component
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
Betroffene Produkte
CVE(s)
CVE-2024-12149
Behebungen und Workarounds
Upgrade to Remote Desktop Manager 2024.3.20.0 or higher
2.3 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Incorrect permission assignment in the user migration feature
Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.
Betroffene Produkte
CVE(s)
CVE-2024-12151
Behebungen und Workarounds
Upgrade to Devolutions Server 2024.3.9.0 or higher
7.1 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Incorrect authorization in the view password permission component in Devolutions Server
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
The user must have access to the entry to exploit the vulnerability.
Betroffene Produkte
CVE(s)
CVE-2024-12196
Behebungen und Workarounds
Upgrade to Devolutions Server 2024.3.8.0 or higher
