81 matches found

Vulnrichment
added 2023/02/01 12:0 a.m. · 13 views

CVE-2023-23127

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...

AI score 6.8 · EPSS 0.00313
Exploits 0 · References 1

CNNVD
added 2023/02/01 12:0 a.m. · 8 views

ConnectWise Control Security Vulnerability

ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. A security vulnerability exists in ConnectWise Control version 22.8.10013.8329, which stems from vulnerability to cross-origin resource sharing (CORS) attacks...

CVSS 6.1 · AI score 6.3 · EPSS 0.00374
Exploits 0 · References 2

CVE
added 2023/02/01 12:0 a.m. · 55 views

CVE-2023-23128

ConnectWise Control 22.8.10013.8329 is cited in multiple sources (NVD, Red Hat CVE, CVE listings) as vulnerable to a Cross Origin Resource Sharing (CORS) issue due to Access-Control-Allow-Origin wildcarding on two endpoints. The vendor states this behavior is required for functionality and poses ...

CVSS 6.1 · AI score 6.2 · EPSS 0.00374
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/02/01 12:0 a.m. · 4 views

PT-2023-18848 · Connectwise · Connectwise Control

Name of the Vulnerable Software and Affected Versions: Connectwise Control version 22.8.10013.8329 Description: The login page of Connectwise Control does not implement HSTS headers, which results in not enforcing HTTPS. The vendor's position is that this behavior is controlled by a configuration...

CVSS 5.3 · AI score 6.9 · EPSS 0.00313
Exploits 0 · References 8

Vulnrichment
added 2023/02/01 12:0 a.m. · 8 views

CVE-2023-23128

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not...

AI score 6.3 · EPSS 0.00374
Exploits 0 · References 1

Cvelist
added 2023/02/01 12:0 a.m. · 20 views

CVE-2023-23128

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not...

AI score 6.5 · EPSS 0.00374
Exploits 0 · References 1

Cvelist
added 2023/02/01 12:0 a.m. · 20 views

CVE-2023-23127

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...

AI score 5.5 · EPSS 0.00313
Exploits 0 · References 1

The Hacker News
added 2023/01/26 4:27 a.m. · 5 views

U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software

At least two federal agencies in the U.S. fell victim to a "widespread cyber campaign" that involved the use of legitimate remote monitoring and management (RMM) software to perpetuate a phishing scam. "Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate...

AI score 6.7
Exploits 0

Packet Storm
added 2022/01/05 12:0 a.m. · 211 views

ConnectWise Control 19.2.24707 Username Enumeration

Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Date: 17/12/2021 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing impo...

CVSS 5.3 · AI score 5.4 · EPSS 0.19097
Exploits 4

0day.today
added 2022/01/05 12:0 a.m. · 265 views

ConnectWise Control 19.2.24707 - Username Enumeration Exploit

Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing import Process, Queue...

CVSS 5.3 · AI score 5.4 · EPSS 0.19097
Exploits 4

Exploit DB
added 2022/01/05 12:0 a.m. · 308 views

ConnectWise Control 19.2.24707 - Username Enumeration

Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Date: 17/12/2021 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing impo...

CVSS 5.3 · AI score 5.4 · EPSS 0.19097
Exploits 4

The Hacker News
added 2021/02/11 7:43 a.m. · 53 views

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to...

AI score 0.5
Exploits 0

OSV
added 2020/01/23 6:15 p.m. · 4 views

CVE-2019-16513

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests...

CVSS 8.8 · AI score 7.3 · EPSS 0.0101
Exploits 1 · References 5

NVD
added 2020/01/23 6:15 p.m. · 26 views

CVE-2019-16516

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...

CVSS 5.3 · AI score 5.3 · EPSS 0.19097
Exploits 4 · References 6

NVD
added 2020/01/23 6:15 p.m. · 17 views

CVE-2019-16515

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used...

CVSS 6.5 · AI score 6.5 · EPSS 0.01735
Exploits 1 · References 5

OSV
added 2020/01/23 6:15 p.m. · 4 views

CVE-2019-16512

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier...

CVSS 4.8 · AI score 5.8 · EPSS 0.01206
Exploits 1 · References 5

NVD
added 2020/01/23 6:15 p.m. · 11 views

CVE-2019-16514

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...

CVSS 7.2 · AI score 7.4 · EPSS 0.04214
Exploits 1 · References 5

OSV
added 2020/01/23 6:15 p.m. · 4 views

CVE-2019-16515

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used...

CVSS 6.5 · AI score 6.6 · EPSS 0.01735
Exploits 1 · References 5

OSV
added 2020/01/23 6:15 p.m. · 6 views

CVE-2019-16517

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...

CVSS 9.8 · AI score 7.3 · EPSS 0.01327
Exploits 1 · References 5

OSV
added 2020/01/23 6:15 p.m. · 3 views

CVE-2019-16516

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...

CVSS 5.3 · AI score 6.1 · EPSS 0.19097
Exploits 4 · References 6