CVE-2024-10971

Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.

CVSS

No CVSS.

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2024-0015/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

History

27 Jun 2025, 18:47

Type	Values Removed	Values Added
First Time		Devolutions Devolutions devolutions Server
References	~~() https://devolutions.net/security/advisories/DEVO-2024-0015/ -~~	() https://devolutions.net/security/advisories/DEVO-2024-0015/ - Vendor Advisory
CPE		cpe:2.3:a:devolutions:devolutions_server::::::::

12 Nov 2024, 17:15

Type	Values Removed	Values Added
Summary	~~Improper access control in the Password History feature in Devolutions DVLS 2024.3.7 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.~~	Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.

12 Nov 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-12 16:15

Updated : 2025-06-27 18:47

NVD link : CVE-2024-10971

Mitre link : CVE-2024-10971

JSON object : View

Products Affected

devolutions

devolutions_server

CWE

No CWE.

JSON object

Attach tags to CVE-2024-10971

Attach tags to `CVE-2024-10971`