81 matches found
CVE-2019-16516
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...
CVE-2019-16514
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...
CVE-2019-16512
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is stored XSS in the Appearance modifier...
CVE-2019-16517
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
Code injection
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...
Cross site request forgery (csrf)
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. CSRF can be used to send API requests...
Cross site scripting
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is stored XSS in the Appearance modifier...
Code injection
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
Remote code execution
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...
Design/Logic Flaw
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...
CVE-2019-16515
CVE-2019-16515 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The issue is that certain HTTP security headers are not used, with CVSS metrics indicating a network-exposed, low-complexity vulnerability (Base Score ~6.4–6.5) affecting confidentiality and integrity (PARTIAL) b...
CVE-2019-16515
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...
CVE-2019-16516
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...
CVE-2019-16516
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a user-enumeration vulnerability that allows an unauthenticated attacker to determine with certainty whether an account exists for a given username. This is documented in multiple sources (Red Hat CVE entry and related ad...
CVE-2019-16514
CVE-2019-16514 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The server allows remote code execution: an unsigned extension ZIP uploaded by an administrative user can contain executable code that is then executed on the server. This is corroborated by NVD and Red Hat entri...
CVE-2019-16514
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...
CVE-2019-16517
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CORS misconfiguration that reflects the Origin header, enabling JavaScript from any domain to interact with server APIs and perform administrative actions without user knowledge. Public sources in the connected document...
CVE-2019-16517
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
CVE-2019-16512
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is stored XSS in the Appearance modifier...
CVE-2019-16513
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CSRF issue that can be used to send API requests without user authorization. The root cause is CSRF in the web/API surface, enabling potentially unauthorized actions via forged requests. Concrete impact is partial to hi...