CVE-2023-6588



Offline mode is always enabled, even if permission disallows it, in 
Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and 
earlier. This allows an attacker with access to the Workspace 
application to access credentials when offline.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
DEVOLUTIONSCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
devolutionsworkspace
𝑥
≤ 2023.3.2.0
𝑥
= Vulnerable software versions
References
https://devolutions.net/security/advisories/DEVO-2023-0022/
https://devolutions.net/security/advisories/DEVO-2023-0022/