Improper Access Control in Devolutions DVLS Affects Sensitive Data Security
CVE-2024-10971

Currently unrated

Key Information:

Vendor: Devolutions
Status: Dvls (devolutions Server)
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-10971?

An improper access control vulnerability exists in the Password History feature of Devolutions DVLS versions up to 2024.3.6. It allows an authenticated attacker to exploit permission flaws, potentially leading to the unauthorized retrieval of sensitive user data. This security issue underscores the importance of stringent access policies and regular audits to prevent data breaches and ensure the integrity of user information.

Affected Version(s)

DVLS (Devolutions Server) Windows 0 <= 2024.3.6

References

https://devolutions.net/security/advisories/DEVO-2024-0015/

Timeline

Vulnerability published
Nov 12, 2024