Filtered by vendor Connectwise
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23130 | 1 Connectwise | 1 Automate | 2024-08-02 | 5.9 Medium |
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. | ||||
CVE-2023-23128 | 1 Connectwise | 1 Connectwise | 2024-08-02 | 6.1 Medium |
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. | ||||
CVE-2023-23127 | 1 Connectwise | 1 Connectwise | 2024-08-02 | 5.3 Medium |
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. | ||||
CVE-2023-23126 | 1 Connectwise | 1 Automate | 2024-08-02 | 6.1 Medium |
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. | ||||
CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2024-08-01 | 10 Critical |
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | ||||
CVE-2024-1708 | 1 Connectwise | 1 Screenconnect | 2024-08-01 | 8.4 High |
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. |