Devolutions Server 2024.3.17.0

CPE Details

Devolutions Server 2024.3.17.0
devolutions
devolutions_server
2024.3.17.0
2025-06-17
16h52 +00:00
2025-06-17
16h52 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:devolutions:devolutions_server:2024.3.17.0:*:*:*:*:*:*:*

Informations

Vendor

devolutions

Product

devolutions_server

Version

2024.3.17.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-8312 2025-07-30 16h10 +00:00 Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.2.0 through 2025.2.5.0 * Devolutions Server 2025.1.12.0 and earlier
7.1
High
CVE-2025-8353 2025-07-30 16h06 +00:00 UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
5.9
Medium
CVE-2025-5382 2025-06-05 13h37 +00:00 Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
6.8
Medium
CVE-2025-3768 2025-06-05 13h36 +00:00 Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
5
Medium
CVE-2025-4433 2025-05-30 12h16 +00:00 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.