Lucene search
DEVOLUTIONSCVE-2023-2400HistoryJun 20, 2023 - 5:15 p.m.
CVE-2023-2400
2023-06-2017:15:09
CWE-459
DEVOLUTIONS
web.nvd.nist.gov
18
cve-2023-2400
devolutions server
user management
improper deletion
database access
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
4
Confidence
High
EPSS
0.001
Percentile
18.0%
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
Affected configurations
Node
devolutionsdevolutions_serverRange<2023.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| devolutions | devolutions_server | * | cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"User Management"
],
"product": "Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2023.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-2400
2023-06-20 17:15:09
prion
prion
Design/Logic Flaw
2023-06-20 17:15:00
cvelist
cvelist
CVE-2023-2400
2023-06-20 16:19:50
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
4
Confidence
High
EPSS
0.001
Percentile
18.0%
Related for CVE-2023-2400