Vulnerabilidades em Devolutions
153 resultadosCVE-2023-1939MEDIUMNo access control for the OTP key on OTP entriesEPSS 0.4%CVE-2024-2241MEDIUMImproper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintendEPSS 0.4%CVE-2025-6523CRITICALUse of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authenticatEPSS 0.4%CVE-2024-4846MEDIUMAuthentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to aEPSS 0.4%CVE-2022-1342—A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching EPSS 0.4%CVE-2023-2118MEDIUMInsufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send suEPSS 0.4%CVE-2025-8353MEDIUMUI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a rEPSS 0.4%CVE-2024-1764HIGHImproper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continueEPSS 0.4%CVE-2025-12808MEDIUMImproper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custoEPSS 0.4%CVE-2025-1193HIGHImproper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows aEPSS 0.4%CVE-2025-2562MEDIUMInsufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a storedEPSS 0.4%CVE-2025-2600MEDIUMImproper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEPSS 0.4%CVE-2025-6741HIGHImproper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via theEPSS 0.4%CVE-2024-12148MEDIUMIncorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to acceEPSS 0.4%CVE-2026-3563MEDIUMImproper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with EPSS 0.3%CVE-2025-13683MEDIUMExposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions ServeEPSS 0.3%CVE-2024-1901MEDIUMDenial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with sEPSS 0.3%CVE-2025-2499MEDIUMClient side access control bypass in the permission component in
Devolutions Remote Desktop Manager on Windows. An authenticated user can eEPSS 0.3%CVE-2025-5382MEDIUMImproper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to rEPSS 0.3%CVE-2026-4924HIGHImproper
authentication in the two-factor authentication (2FA) feature in
Devolutions Server 2026.1.11 and earlier allows a remote attackeEPSS 0.3%