CVE-2024-12148

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 4, 2024
Updated: Dec 5, 2024
CWE ID 863

Summary

CVE-2024-12148 is a vulnerability affecting Devolutions Server versions 2024.3.6.0 and earlier. This issue involves a misconfiguration in the permission validation component, enabling authenticated users to bypass authorization and access certain reporting endpoints. This inaccurate access control can potentially lead to unintended data exposure or manipulation. It's essential for users to update their Devolutions Server software to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Devolutions Server

Affected Vendors

  • Devolutions