CVE-2023-1201

2023-03-0617:15:00

DEVOLUTIONS

www.cve.org

cve-2023-1201

security

access control

devolutions server

authenticated attacker

message uuid

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Devolutions Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0005