CVE-2021-23921

EUVD-2021-10844
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
devolutionsdevolutions_server
𝑥
< 2020.3
𝑥
= Vulnerable software versions
References
https://devolutions.net/security/advisories/devo-2021-0002
https://devolutions.net/security/advisories/devo-2021-0002