Sécurité et conformité

Devolutions Server is affected by multiple security vulnerabilities.

Devolutions Server 2022.3.12 and below.

Initial publication - 2023-02-22

High

Devolutions Server

2022.3.13

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

Upgrade to Devolutions Server 2022.3.13 or higher

Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9

Devolutions Server 2022.3.12 and earlier.

CVE-2023-0953

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

Upgrade to Devolutions Server to 2022.3.13 or higher.

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5

Devolutions Server 2022.3.12 and earlier

CVE-2023-0951

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.

Upgrade Devolutions Server to 2022.3.13 and higher

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5

Devolutions Server 2022.3.12 and earlier

CVE-2023-0952