本ページは devolutions devolutions_server に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-6523 | Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier | [email protected] | 9.5 | 0.38% | 2025-07-22 | 2025-11-25 |
| CVE-2025-5382 | Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | [email protected] | 6.8 | 0.34% | 2025-06-05 | 2025-07-02 |
| CVE-2025-3768 | Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. | [email protected] | 5.0 | 0.17% | 2025-06-05 | 2025-07-02 |
| CVE-2025-0691 | Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation. | [email protected] | 5.0 | 0.26% | 2025-06-05 | 2025-07-02 |
| CVE-2025-4433 | Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. | [email protected] | 8.7 | 0.45% | 2025-05-30 | 2025-11-25 |
| CVE-2025-4493 | Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier | [email protected] | 6.5 | 0.31% | 2025-05-28 | 2025-06-25 |
| CVE-2025-4316 | Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0. | [email protected] | 4.3 | 0.30% | 2025-05-05 | 2025-06-17 |
| CVE-2025-3517 | Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | [email protected] | 6.3 | 0.27% | 2025-05-01 | 2025-06-17 |
| CVE-2025-2280 | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. | [email protected] | 8.1 | 0.47% | 2025-03-13 | 2025-03-28 |
| CVE-2025-2278 | Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID. | [email protected] | 6.5 | 0.42% | 2025-03-13 | 2025-03-28 |
| CVE-2025-2277 | Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | [email protected] | 7.5 | 0.52% | 2025-03-13 | 2025-03-28 |
| CVE-2025-2003 | Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | [email protected] | 7.1 | 0.41% | 2025-03-05 | 2025-03-28 |
| CVE-2025-1231 | Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. | [email protected] | 5.4 | 0.32% | 2025-02-11 | 2025-03-28 |
| CVE-2024-12196 | Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | [email protected] | 6.5 | 0.45% | 2024-12-04 | 2025-03-28 |
| CVE-2024-12151 | Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | [email protected] | 5.0 | 0.26% | 2024-12-04 | 2025-03-28 |
| CVE-2024-12148 | Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | [email protected] | 4.3 | 0.35% | 2024-12-04 | 2025-03-28 |
| CVE-2024-10971 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | [email protected] | 4.3 | 0.51% | 2024-11-12 | 2025-06-27 |
| CVE-2024-6512 | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | [email protected] | 6.5 | 0.29% | 2024-09-25 | 2025-03-14 |
| CVE-2024-4846 | Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab. | [email protected] | 6.3 | 0.39% | 2024-06-25 | 2025-03-28 |
| CVE-2024-5072 | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request. | [email protected] | 6.5 | 0.68% | 2024-05-17 | 2025-03-28 |