MAIN MENU

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

DEVO-2023-0003

Devolutions Server is affected by multiple security vulnerabilities.

Affected Products

Devolutions Server
2022.3.12 and below.

Change Log

Initial publication - 2023-02-22

SQL Injection in the documentation component

Critical - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 9.9

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

CVE(s)

CVE-2023-0953

Remediation and Workarounds

Upgrade to Devolutions Server 2022.3.13 or higher

Improper access control on endpoints in Devolutions Server

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 8.5

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

CVE(s)

CVE-2023-0951

Remediation and Workarounds

Upgrade to Devolutions Server to 2022.3.13 or higher.

Improper access controls on entries in Devolutions Server

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 6.5

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data such as passwords without proper authorization.

CVE(s)

CVE-2023-0952

Remediation and Workarounds

Upgrade Devolutions Server to 2022.3.13 and higher