Security and compliance
DEVO-2025-0007
Summary
Devolutions Server is affected by a vulnerability.
Affected products
Devolutions Server 2025.1.3.0 through 2025.1.6.0
Devolutions Server 2024.3.16 and earlier
Changelog
2025/05/05 - Initial publication
2025/05/14 - Added new fix versions.
Severity
High
Product
Devolutions Server
Fixed version
2025.1.7.0, 2024.3.17.0
Improper access control in PAM feature
Description
Improper access control in the PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self-approve their own PAM requests, even when the configured policy disallows it, via specific user interface actions.
Remediation and workarounds
Upgrade to Devolutions Server 2025.1.7.0 or higher
Update to Devolutions Server 2024.3.17.0 or higher
Severity
8.3 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Affected products
Devolutions Server 2025.1.3.0 through 2025.1.6.0
Devolutions Server 2024.3.16 and earlier
CVE(s)
CVE-2025-4316