Vulnerabilities in Devolutions

152 results
CVE-2021-42098 | EPSS 1.6%
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via

CVE-2025-1635 | MEDIUM | EPSS 1.6%
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows a

CVE-2025-1636 | MEDIUM | EPSS 1.6%
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and

CVE-2023-1203 | EPSS 1.1%
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Modu

CVE-2023-0953 | HIGH | EPSS 1.0%
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to

CVE-2022-4287 | HIGH | EPSS 1.0%
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malic

CVE-2022-2221 | EPSS 1.0%
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users t

CVE-2023-0951 | HIGH | EPSS 1.0%
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perfor

CVE-2023-2445 | MEDIUM | EPSS 1.0%
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator p

CVE-2024-6057 | CRITICAL | EPSS 0.9%
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that

CVE-2023-1201 | EPSS 0.8%
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that posse

CVE-2024-2921 | CRITICAL | EPSS 0.8%
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to t

CVE-2024-6354 | HIGH | EPSS 0.8%
Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user

CVE-2023-0661 | MEDIUM | EPSS 0.7%
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.

CVE-2023-6593 | EPSS 0.7%
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to th

CVE-2024-5072 | MEDIUM | EPSS 0.7%
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with acces

CVE-2023-0952 | MEDIUM | EPSS 0.7%
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data

CVE-2023-4373 | CRITICAL | EPSS 0.7%
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 an

CVE-2024-2915 | HIGH | EPSS 0.6%
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevat

CVE-2024-11670 | MEDIUM | EPSS 0.6%
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows