Lucene search
K

157 matches found

NVD
NVD
added 2022/09/28 8:15 p.m.24 views

CVE-2022-36781

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting...

5.3CVSS0.00457EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/28 7:11 p.m.28 views

CVE-2022-36781 ConnectWise - ScreenConnect Session Code Bypass

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting...

5.3CVSS5.8AI score0.00457EPSS
Exploits0References1
CVE
CVE
added 2022/09/28 7:11 p.m.86 views

CVE-2022-36781

CVE-2022-36781 affects ConnectWise ScreenConnect versions 22.6 and below. The root cause is inadequate rate-limiting on custom access tokens in the default configuration, enabling potential brute-force attempts to gain unauthorized access to session code protections. Multiple connected sources co...

5.3CVSS5.4AI score0.00457EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/28 8:57 a.m.4 views

CVE-2022-36781

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.14 views

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. ConnectWise ScreenConnect suffers from a security vulnerability that stems from the fact that an attacker can use a proxy to monitor traffic and perform brute force operations on the session code to...

5.3CVSS6AI score0.00457EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.8 views

PT-2022-23620 · Connectwise · Connectwise Screenconnect

Name of the Vulnerable Software and Affected Versions: ConnectWise ScreenConnect versions 22.6 and below Description: The issue allows potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this to gain...

5.3CVSS7.5AI score0.00457EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2022/02/28 6:52 a.m.43 views

Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API

An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an...

1.6AI score
Exploits0
0day.today
0day.today
added 2022/01/05 12:0 a.m.265 views

ConnectWise Control 19.2.24707 - Username Enumeration Exploit

Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing import Process, Queue...

5.3CVSS5.4AI score0.19097EPSS
Exploits4
The Hacker News
The Hacker News
added 2021/02/11 7:43 a.m.10 views

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/11 7:43 a.m.53 views

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...

0.5AI score
Exploits0
OSV
OSV
added 2020/01/23 6:15 p.m.4 views

CVE-2019-16515

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

6.5CVSS6.6AI score0.01735EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/01/23 5:26 p.m.23 views

CVE-2019-16515

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

6.5AI score0.01735EPSS
Exploits1References5
CVE
CVE
added 2020/01/23 5:26 p.m.56 views

CVE-2019-16515

CVE-2019-16515 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The issue is that certain HTTP security headers are not used, with CVSS metrics indicating a network-exposed, low-complexity vulnerability (Base Score ~6.4–6.5) affecting confidentiality and integrity (PARTIAL) b...

6.5CVSS6.5AI score0.01735EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2020/01/23 5:24 p.m.64 views

CVE-2019-16516

ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a user-enumeration vulnerability that allows an unauthenticated attacker to determine with certainty whether an account exists for a given username. This is documented in multiple sources (Red Hat CVE entry and related ad...

5.3CVSS5.2AI score0.19097EPSS
Exploits4References6Affected Software1
CVE
CVE
added 2020/01/23 5:21 p.m.59 views

CVE-2019-16514

CVE-2019-16514 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The server allows remote code execution: an unsigned extension ZIP uploaded by an administrative user can contain executable code that is then executed on the server. This is corroborated by NVD and Red Hat entri...

7.2CVSS7.4AI score0.04214EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2020/01/23 5:19 p.m.68 views

CVE-2019-16517

ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CORS misconfiguration that reflects the Origin header, enabling JavaScript from any domain to interact with server APIs and perform administrative actions without user knowledge. Public sources in the connected document...

9.8CVSS9.2AI score0.01327EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2020/01/23 5:11 p.m.59 views

CVE-2019-16513

ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CSRF issue that can be used to send API requests without user authorization. The root cause is CSRF in the web/API surface, enabling potentially unauthorized actions via forged requests. Concrete impact is partial to hi...

8.8CVSS8.5AI score0.0101EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder