Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
connectwise control vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-16517
An issue exists in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform adminis...
Connectwise Control 19.3.25270.7185
605
VMScore
CVE-2019-16513
An issue exists in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
Connectwise Control 19.3.25270.7185
578
VMScore
CVE-2019-16514
An issue exists in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
Connectwise Control 19.3.25270.7185
570
VMScore
CVE-2019-16515
An issue exists in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.
Connectwise Control 19.3.25270.7185
445
VMScore
CVE-2019-16516
An issue exists in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated malicious user to determine with certainty if an account exists for a given username.
Connectwise Control
Connectwise Control 19.3.25270.7185
1 Github repository
312
VMScore
CVE-2019-16512
An issue exists in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
Connectwise Control 19.3.25270.7185
NA
CVE-2023-25718
In ConnectWise Control up to and including 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-c...
Connectwise Control
NA
CVE-2023-25719
ConnectWise Control prior to 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executa...
Connectwise Control
NA
CVE-2023-23127
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) d...
Connectwise Connectwise 22.8.10013.8329
1 Github repository
NA
CVE-2023-23128
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerabili...
Connectwise Connectwise 22.8.10013.8329
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started