Sécurité et conformité

Avis Signaler un problème de sécurité Centre de confiance

DEVO-2023-0003

Résumé

Devolutions Server is affected by multiple security vulnerabilities.

Produits affectés

Devolutions Server 2022.3.12 and below.

Journal des modifications

Initial publication - 2023-02-22

Sévérité

High

Produit

Devolutions Server

Version corrigée

2022.3.13

SQL Injection in the documentation component

Description

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2022.3.13 or higher

Sévérité

Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9

Produits affectés

Devolutions Server 2022.3.12 and earlier.

CVE(s)

CVE-2023-0953

Improper access control on endpoints in Devolutions Server

Description

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server to 2022.3.13 or higher.

Sévérité

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5

Produits affectés

Devolutions Server 2022.3.12 and earlier

CVE(s)

CVE-2023-0951

Improper access controls on entries in Devolutions Server

Description

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.

Mesures correctives et solutions de contournement

Upgrade Devolutions Server to 2022.3.13 and higher

Sévérité

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5

Produits affectés

Devolutions Server 2022.3.12 and earlier

CVE(s)

CVE-2023-0952