CVE-2023-1201
First published: Mon Mar 06 2023(Updated: )
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.
Credit: security@devolutions.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Devolutions Devolutions Server | <2022.3.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the improper access control in the secure messages feature in Devolutions Server?
The vulnerability ID is CVE-2023-1201.
What is the description of CVE-2023-1201?
CVE-2023-1201 is an improper access control vulnerability in the secure messages feature in Devolutions Server 2022.3.12 and below.
What is the severity rating of CVE-2023-1201?
CVE-2023-1201 has a severity rating of 6.5 (medium).
How does CVE-2023-1201 affect Devolutions Server?
CVE-2023-1201 allows an authenticated attacker with possession of the message UUID to access the data in the secure messages feature of Devolutions Server 2022.3.12 and below.
How can I fix CVE-2023-1201 in Devolutions Server?
To fix CVE-2023-1201, it is recommended to update Devolutions Server to version 2022.3.13 or later.
- collector/nvd-index
- agent/event
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/devolutions
- canonical/devolutions devolutions server