Skip to main content

Devolutions Server CVE-2022-3781

MEDIUM
Missing Encryption of Sensitive Data (CWE-311)
2022-11-01 security@devolutions.net
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 01, 2022 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.

This issue affects : Remote Desktop Manager 2022.2.26 and prior versions.

Devolutions Server 2022.3.1 and prior versions.

AnalysisAI

Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-311. Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. Affected products include: Devolutions Devolutions Server, Devolutions Remote Desktop Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-3204 CRITICAL
9.8 Mar 03

Input validation flaw in Devolutions Server error message page enables remote spoofing attacks.

CVE-2026-3224 CRITICAL
9.8 Mar 03

Azure AD auth bypass in Devolutions Server 2025.3.15.0 and earlier.

CVE-2026-0610 CRITICAL
9.8 Jan 19

Devolutions Server 2025.3.1 through 2025.3.6 contains a SQL injection vulnerability in the remote sessions component tha

CVE-2026-3130 CRITICAL
9.8 Mar 03

Behavioral control bypass in Devolutions Server 2025.3.15 allows authenticated users to exploit delete permissions.

CVE-2024-2921 CRITICAL
9.8 Mar 26

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated u

CVE-2021-23921 CRITICAL
9.1 Apr 01

An issue was discovered in Devolutions Server before 2020.3. Rated critical severity (CVSS 9.1), this vulnerability is r

CVE-2025-13757 HIGH
8.8 Nov 27

SQL Injection vulnerability in last usage logs in Devolutions Server.2.20, through 2025.3.8. Rated high severity (CVSS 8

CVE-2024-2915 HIGH
8.8 Mar 26

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access t

CVE-2023-0953 HIGH
8.8 Mar 01

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authe

CVE-2023-0951 HIGH
8.8 Mar 01

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privil

CVE-2022-33996 HIGH
8.8 Jul 07

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inh

CVE-2025-4433 HIGH
8.7 May 30

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrativ

Share

CVE-2022-3781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy