Devolutions: >> Devolutions Server Security Vulnerabilities
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
CVSS Score
2.6
EPSS Score
0.001
Published
2021-07-12
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-14
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.
CVSS Score
7.2
EPSS Score
0.002
Published
2021-04-14
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-04-01
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.
CVSS Score
8.1
EPSS Score
0.002
Published
2021-04-01
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-04-01
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-01
Page 10