CVE-2024-12148
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 4, 2024
Updated: Dec 5, 2024
CWE ID 863
Summary
CVE-2024-12148 is a vulnerability affecting Devolutions Server versions 2024.3.6.0 and earlier. This issue involves a misconfiguration in the permission validation component, enabling authenticated users to bypass authorization and access certain reporting endpoints. This inaccurate access control can potentially lead to unintended data exposure or manipulation. It's essential for users to update their Devolutions Server software to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Devolutions Server
Affected Vendors
- Devolutions