Vulnerabilities > Connectwise

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-16514 Unrestricted Upload of File with Dangerous Type vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-434
7.2
7.2
2020-01-23 CVE-2019-16513 Cross-Site Request Forgery (CSRF) vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-352
8.8
8.8
2020-01-23 CVE-2019-16512 Cross-site Scripting vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-79
4.8
4.8
2019-02-05 CVE-2017-18362 SQL Injection vulnerability in Connectwise Manageditsync 2017
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
network
low complexity
connectwise CWE-89
critical
 9.8
9.8
2017-07-31 CVE-2017-11727 Cross-site Scripting vulnerability in Connectwise Manage 2017.5
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
network
low complexity
connectwise CWE-79
6.1
6.1
2017-07-31 CVE-2017-11726 Cross-Site Request Forgery (CSRF) vulnerability in Connectwise Manage 2017.5
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.
network
low complexity
connectwise CWE-352
8.8
8.8