Lucene search
K

81 matches found

OSV
OSV
added 2020/01/23 6:15 p.m.3 views

CVE-2019-16516

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...

5.3CVSS6.1AI score0.19097EPSS
Exploits4References6
OSV
OSV
added 2020/01/23 6:15 p.m.3 views

CVE-2019-16514

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...

7.2CVSS7.3AI score0.04214EPSS
Exploits1References5
OSV
OSV
added 2020/01/23 6:15 p.m.5 views

CVE-2019-16512

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is stored XSS in the Appearance modifier...

4.8CVSS5.8AI score0.01206EPSS
Exploits1References5
NVD
NVD
added 2020/01/23 6:15 p.m.23 views

CVE-2019-16517

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...

9.8CVSS9.4AI score0.01327EPSS
Exploits1References5
Prion
Prion
added 2020/01/23 6:15 p.m.20 views

Code injection

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...

5CVSS5.2AI score0.19097EPSS
Exploits4References6Affected Software1
Prion
Prion
added 2020/01/23 6:15 p.m.16 views

Cross site request forgery (csrf)

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. CSRF can be used to send API requests...

6.8CVSS8.6AI score0.0101EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2020/01/23 6:15 p.m.18 views

Cross site scripting

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is stored XSS in the Appearance modifier...

3.5CVSS4.8AI score0.01206EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2020/01/23 6:15 p.m.16 views

Code injection

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...

7.5CVSS9.2AI score0.01327EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2020/01/23 6:15 p.m.16 views

Remote code execution

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...

6.5CVSS7.3AI score0.04214EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2020/01/23 6:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

6.4CVSS6.5AI score0.01735EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2020/01/23 5:26 p.m.56 views

CVE-2019-16515

CVE-2019-16515 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The issue is that certain HTTP security headers are not used, with CVSS metrics indicating a network-exposed, low-complexity vulnerability (Base Score ~6.4–6.5) affecting confidentiality and integrity (PARTIAL) b...

6.5CVSS6.5AI score0.01735EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2020/01/23 5:26 p.m.23 views

CVE-2019-16515

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

6.5AI score0.01735EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/01/23 5:24 p.m.31 views

CVE-2019-16516

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...

5.3AI score0.19097EPSS
Exploits4References6
CVE
CVE
added 2020/01/23 5:24 p.m.64 views

CVE-2019-16516

ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a user-enumeration vulnerability that allows an unauthenticated attacker to determine with certainty whether an account exists for a given username. This is documented in multiple sources (Red Hat CVE entry and related ad...

5.3CVSS5.2AI score0.19097EPSS
Exploits4References6Affected Software1
CVE
CVE
added 2020/01/23 5:21 p.m.59 views

CVE-2019-16514

CVE-2019-16514 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The server allows remote code execution: an unsigned extension ZIP uploaded by an administrative user can contain executable code that is then executed on the server. This is corroborated by NVD and Red Hat entri...

7.2CVSS7.4AI score0.04214EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2020/01/23 5:21 p.m.16 views

CVE-2019-16514

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...

7.4AI score0.04214EPSS
Exploits1References5
CVE
CVE
added 2020/01/23 5:19 p.m.66 views

CVE-2019-16517

ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CORS misconfiguration that reflects the Origin header, enabling JavaScript from any domain to interact with server APIs and perform administrative actions without user knowledge. Public sources in the connected document...

9.8CVSS9.2AI score0.01327EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2020/01/23 5:19 p.m.27 views

CVE-2019-16517

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...

9.4AI score0.01327EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/01/23 5:14 p.m.23 views

CVE-2019-16512

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is stored XSS in the Appearance modifier...

4.9AI score0.01206EPSS
Exploits1References5
CVE
CVE
added 2020/01/23 5:11 p.m.59 views

CVE-2019-16513

ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CSRF issue that can be used to send API requests without user authorization. The root cause is CSRF in the web/API surface, enabling potentially unauthorized actions via forged requests. Concrete impact is partial to hi...

8.8CVSS8.5AI score0.0101EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder