Devolutions: >> Devolutions Server >> 2020.3.18 Security Vulnerabilities
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-07-07
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-07-06
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
CVSS Score
2.6
EPSS Score
0.001
Published
2021-07-12
Page 5