What is CVE-2023-0953?

CVE-2023-0953 is a high-severity vulnerability in Devolutions Server, classified under SQL Injection. CVSS score: 8.8/10. Published 2023-03-01.

How severe is CVE-2023-0953?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Devolutions Server

CVE-2023-0953

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

Vulnerability class: SQL Injection

EPSS: 0.010 (59.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Devolutions Server — versions 0
Devolutions Devolutions_server

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security@devolutions.net (Vendor Advisory)

Frequently asked questions

What is CVE-2023-0953?: CVE-2023-0953 is a high-severity vulnerability in Devolutions Server, classified under SQL Injection. CVSS score: 8.8/10. Published 2023-03-01.
How severe is CVE-2023-0953?: High severity. CVSS v3 base score is 8.8 out of 10.