Devolutions 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk sql injection, and vendor risk input validation に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-12151 | Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | [email protected] | 5.0 | 0.26% | 2024-12-04 | 2026-06-17 |
| CVE-2024-12149 | Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | [email protected] | 8.1 | 0.58% | 2024-12-04 | 2026-06-17 |
| CVE-2024-12148 | Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | [email protected] | 4.3 | 0.35% | 2024-12-04 | 2026-06-17 |
| CVE-2024-11672 | Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | [email protected] | 4.3 | 0.53% | 2024-11-25 | 2026-06-17 |
| CVE-2024-11671 | Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | [email protected] | 5.4 | 0.50% | 2024-11-25 | 2026-06-17 |
| CVE-2024-11670 | Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. | [email protected] | 5.4 | 0.63% | 2024-11-25 | 2026-06-17 |
| CVE-2024-10971 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | [email protected] | 4.3 | 0.51% | 2024-11-12 | 2026-06-17 |
| CVE-2024-7421 | An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | [email protected] | 5.5 | 0.15% | 2024-09-25 | 2026-06-17 |
| CVE-2024-6512 | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | [email protected] | 6.5 | 0.29% | 2024-09-25 | 2026-06-17 |
| CVE-2024-6492 | Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. | [email protected] | 7.4 | 0.55% | 2024-07-16 | 2026-06-17 |
| CVE-2024-6354 | Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard. | [email protected] | 7.2 | 0.79% | 2024-06-26 | 2026-06-17 |
| CVE-2024-4846 | Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab. | [email protected] | 6.3 | 0.39% | 2024-06-25 | 2026-06-17 |
| CVE-2024-6057 | Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature. | [email protected] | 9.8 | 0.92% | 2024-06-17 | 2026-06-17 |
| CVE-2024-6055 | Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file. | [email protected] | 4.7 | 0.50% | 2024-06-17 | 2026-06-17 |
| CVE-2024-5072 | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request. | [email protected] | 6.5 | 0.68% | 2024-05-17 | 2026-06-17 |
| CVE-2024-3545 | Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. | [email protected] | 4.3 | 0.28% | 2024-04-09 | 2026-06-17 |
| CVE-2024-2918 | Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request. | [email protected] | 3.6 | 0.24% | 2024-04-09 | 2026-06-17 |
| CVE-2024-2921 | Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. | [email protected] | 9.8 | 0.79% | 2024-03-26 | 2026-06-17 |
| CVE-2024-2915 | Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. | [email protected] | 8.8 | 0.65% | 2024-03-26 | 2026-06-17 |
| CVE-2024-2403 | Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory. | [email protected] | 5.9 | 0.42% | 2024-03-13 | 2026-06-17 |