Sécurité et conformité
DEVO-2023-0003
Résumé
Devolutions Server is affected by multiple security vulnerabilities.
Produits affectés
Devolutions Server 2022.3.12 and below.
Journal des modifications
Initial publication - 2023-02-22
Sévérité
High
Produit
Devolutions Server
Version corrigée
2022.3.13
SQL Injection in the documentation component
Description
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2022.3.13 or higher
Sévérité
Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9
Produits affectés
Devolutions Server 2022.3.12 and earlier.
CVE(s)
CVE-2023-0953
Improper access control on endpoints in Devolutions Server
Description
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server to 2022.3.13 or higher.
Sévérité
High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5
Produits affectés
Devolutions Server 2022.3.12 and earlier
CVE(s)
CVE-2023-0951
Improper access controls on entries in Devolutions Server
Description
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.
Mesures correctives et solutions de contournement
Upgrade Devolutions Server to 2022.3.13 and higher
Sévérité
Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5
Produits affectés
Devolutions Server 2022.3.12 and earlier
CVE(s)
CVE-2023-0952