PT-2026-22828 · Devolutions · Devolutions Server

Published: 2026-03-03 · Updated: 2026-03-04 · CVE-2026-3130

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.3.15 and earlier

Description: An issue exists in Devolutions Server where improper enforcement of behavioral controls can allow an authenticated attacker with delete permission to remove a Privileged Access Management (PAM) account that is currently in use. This occurs when the attacker selects the checked-out account along with at least one account that is not checked out and performs a bulk deletion operation.

Recommendations: Versions prior to 2025.3.15 should be updated.

Fix

Weakness Enumeration

Related identifiers

CVE-2026-3130

Affected products

Devolutions Server