Lucene search
K
ConnectwiseScreenconnect

8 matches found

CVE
CVE
added 2024/02/21 3:36 p.m.737 views

CVE-2024-1709

CVE-2024-1709 affects ConnectWise ScreenConnect (23.9.7 and earlier). It is an Authentication Bypass Using an Alternate Path or Channel that can grant direct access to confidential information or critical systems. Multiple sources indicate active exploitation and urge patching; ConnectWise releas...

10CVSS8.6AI score0.99959EPSS
In wild
CVE
CVE
added 2025/04/25 6:27 p.m.318 views

CVE-2025-3935

CVE-2025-3935 affects ScreenConnect 25.2.3 and earlier, where ViewState code injection can enable remote code execution if machine keys are compromised. The vulnerability stems from platform-level ViewState handling in ASP.NET Web Forms rather than a ScreenConnect flaw. ScreenConnect 2025.4 patch...

8.1CVSS8.5AI score0.03292EPSS
In wild
CVE
CVE
added 2024/02/21 3:29 p.m.200 views

CVE-2024-1708

CVE-2024-1708/1709 affect ConnectWise ScreenConnect (Server 23.9.7 and earlier). A path-traversal flaw (CVE-2024-1708) may allow remote code execution; an authentication-bypass flaw (CVE-2024-1709) enables access without credentials, potentially leading to RCE. Public exploit tooling exists (e.g....

8.4CVSS9.6AI score0.87624EPSS
In wild
CVE
CVE
added 2022/09/28 7:11 p.m.86 views

CVE-2022-36781

CVE-2022-36781 affects ConnectWise ScreenConnect versions 22.6 and below. The root cause is inadequate rate-limiting on custom access tokens in the default configuration, enabling potential brute-force attempts to gain unauthorized access to session code protections. Multiple connected sources co...

5.3CVSS5.4AI score0.00457EPSS
CVE
CVE
added 2024/02/01 12:0 a.m.58 views

CVE-2023-47256

ConnectWise ScreenConnect (ConnectWise Control) versions through 23.8.4 are affected. Local users can connect to arbitrary relay servers due to an implicit trust of proxy settings, exposing potential bypass of proxy controls and related security boundaries. The vulnerability description is suppor...

5.5CVSS5.5AI score0.00445EPSS
CVE
CVE
added 2024/02/01 12:0 a.m.56 views

CVE-2023-47257

CVE-2023-47257 affects ConnectWise ScreenConnect up to version 23.8.4. A remote code execution vulnerability can be leveraged by crafting messages, with a network attack vector, no privileges required, and high impact on confidentiality, integrity, and availability. Remediation is referenced in C...

8.1CVSS8.3AI score0.01044EPSS
CVE
CVE
added 2025/12/11 2:21 p.m.20 views

CVE-2025-14265

CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...

9.1CVSS6.9AI score0.00324EPSS
CVE
CVE
added 2025/12/18 3:50 p.m.12 views

CVE-2025-14823

The CVE-2025-14823 issue affects ConnectWise ScreenConnect’s Certificate Signing Extension. Affected: Certificate Signing Extension prior to version 1.0.12. Description across sources shows that encrypted configuration values, including an Azure Key Vault-related key, could be exposed in client r...

5.3CVSS6.4AI score0.00133EPSS