8 matches found
CVE-2019-16517
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CORS misconfiguration that reflects the Origin header, enabling JavaScript from any domain to interact with server APIs and perform administrative actions without user knowledge. Public sources in the connected document...
CVE-2019-16516
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a user-enumeration vulnerability that allows an unauthenticated attacker to determine with certainty whether an account exists for a given username. This is documented in multiple sources (Red Hat CVE entry and related ad...
CVE-2023-25719
ConnectWise Control before 22.9.10032 is vulnerable due to failure to validate user-supplied parameters (notably the h parameter in Bin/ConnectWiseControl.Client.exe). This can lead to reflected data and injection of malicious code into a downloaded executable, enabling malicious queries or a den...
CVE-2019-16512
CVE-2019-16512 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185, with a reported stored XSS in the Appearance modifier. The connected records confirm the issue but do not provide additional technical specifics beyond the vulnerability type and location. No explicit exploitati...
CVE-2019-16514
CVE-2019-16514 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The server allows remote code execution: an unsigned extension ZIP uploaded by an administrative user can contain executable code that is then executed on the server. This is corroborated by NVD and Red Hat entri...
CVE-2023-25718
ConnectWise Control (through 22.9.10032) has a vulnerability where, after an executable is signed, additional instructions can be appended without invalidating the signature, potentially leading to an attacker-controlled executable being offered to the end user for download and execution. Connect...
CVE-2019-16513
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CSRF issue that can be used to send API requests without user authorization. The root cause is CSRF in the web/API surface, enabling potentially unauthorized actions via forged requests. Concrete impact is partial to hi...
CVE-2019-16515
CVE-2019-16515 affects ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185. The issue is that certain HTTP security headers are not used, with CVSS metrics indicating a network-exposed, low-complexity vulnerability (Base Score ~6.4–6.5) affecting confidentiality and integrity (PARTIAL) b...