Security & Compliance
DEVO-2025-0007
Summary
Devolutions Server is affected by a vulnerability.
Affected products
Devolutions Server 2025.1.3.0 through 2025.1.6.0
Devolutions Server 2024.3.16 and earlier
Changelog
2025/05/05 - Initial publication
2025/05/14 - Added new fix versions.
Severity
High
Product
Devolutions Server
Fixed version
2025.1.7.0, 2024.3.17.0
Improper access control in PAM feature
Description
Improper access control in the PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self-approve their PAM requests, even if disallowed by the configured policy, via specific user interface actions.
Remediations and workarounds
Upgrade to Devolutions Server 2025.1.7.0 or higher
Update to Devolutions Server 2024.3.17.0 or higher
Severity
8.3 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Affected products
Devolutions Server 2025.1.3.0 through 2025.1.6.0
Devolutions Server 2024.3.16 and earlier
CVE(s)
CVE-2025-4316