Avis de sécurité

Sécurité et conformité

Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.

Avis Signaler un problème de sécurité Centre de confiance

Retour à la liste

DEVO-2023-0003

Devolutions Server is affected by multiple security vulnerabilities.

Produits affectés

Devolutions Server

2022.3.12 and below.

Journal des modifications

Initial publication - 2023-02-22

Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9

SQL Injection in the documentation component

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

Produits affectés

CVE(s)

CVE-2023-0953

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2022.3.13 or higher

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5

Improper access control on endpoints in Devolutions Server

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

Produits affectés

CVE(s)

CVE-2023-0951

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server to 2022.3.13 or higher.

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5

Improper access controls on entries in Devolutions Server

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.

Produits affectés

CVE(s)

CVE-2023-0952

Mesures correctives et solutions de contournement

Upgrade Devolutions Server to 2022.3.13 and higher