CVE-2023-2257
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/04/2023
Last modified:
04/02/2025
Description
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub <br />
Business space without being prompted to enter the password via an <br />
unimplemented "Force Login" security feature.<br />
<br />
This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.<br />
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:devolutions:workspace:*:*:*:*:desktop:*:*:* | 2023.1.1.4 (excluding) | |
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page