Back

CVE-2024-4846

June 25, 2024, 6:50 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Devolutions Server

  • 2024.1.14.0
  • before 2024.1.14.0

Source

security@devolutions.net

Tags

security@devolutions.net
2024-06-25
CVE-2024-4846

CVE-2024-4846 details

Published : June 25, 2024, 1:15 p.m.
Last Modified : June 25, 2024, 6:50 p.m.

Description

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://devolutions.net/security/advisories/DEVO-2024-0009 security@devolutions.net
This website uses the NVD API, but is not approved or certified by it.