Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-4846

June 25, 2024, 6:50 p.m.

Product(s) Impacted

Devolutions Server

  • 2024.1.14.0
  • before 2024.1.14.0

Description

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.

Weaknesses

Date

Published: June 25, 2024, 1:15 p.m.

Last Modified: June 25, 2024, 6:50 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@devolutions.net

References

https://devolutions.net/ security@devolutions.net