Devolutions

Devolutions Server

91 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.2%
  • Published 16.06.2026 18:28:04
  • Last modified 16.06.2026 20:41:35

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

  • EPSS 0.18%
  • Published 16.06.2026 18:25:19
  • Last modified 16.06.2026 20:41:35

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.

  • EPSS 0.16%
  • Published 16.06.2026 18:24:00
  • Last modified 16.06.2026 20:41:35

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

  • EPSS 0.2%
  • Published 08.06.2026 18:26:45
  • Last modified 12.06.2026 18:07:47

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected ...

  • EPSS 0.16%
  • Published 08.06.2026 18:26:25
  • Last modified 12.06.2026 17:56:32

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects: * Devolutions Server 2026.2.4.0 ...

  • EPSS 0.15%
  • Published 08.06.2026 18:26:09
  • Last modified 12.06.2026 17:56:50

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects: ...

  • EPSS 0.14%
  • Published 02.06.2026 14:08:07
  • Last modified 02.06.2026 20:54:12

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations.

  • EPSS 0.18%
  • Published 02.06.2026 14:07:08
  • Last modified 02.06.2026 20:53:16

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission.

  • EPSS 0.16%
  • Published 12.05.2026 17:28:21
  • Last modified 26.05.2026 12:51:35

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following vers...

  • EPSS 0.2%
  • Published 12.05.2026 16:16:50
  • Last modified 26.05.2026 12:32:46

Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects ...