Vulnerabilities > Connectwise > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-47256 | Improper Authentication vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings | 5.5 |
| 2023-02-01 | CVE-2023-23126 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Connectwise Automate 2022.11 Connectwise Automate 2022.11 is vulnerable to Clickjacking. | 6.1 |
| 2023-02-01 | CVE-2023-23127 | Missing Encryption of Sensitive Data vulnerability in Connectwise 22.8.10013.8329 In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. | 5.3 |
| 2023-02-01 | CVE-2023-23128 | Unspecified vulnerability in Connectwise 22.8.10013.8329 Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). | 6.1 |
| 2023-02-01 | CVE-2023-23130 | Cleartext Transmission of Sensitive Information vulnerability in Connectwise Automate 2022.11 Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. | 5.9 |
| 2022-09-28 | CVE-2022-36781 | Improper Restriction of Excessive Authentication Attempts vulnerability in Connectwise Screenconnect ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. | 5.3 |
| 2020-01-23 | CVE-2019-16516 | Information Exposure Through Discrepancy vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 5.3 |
| 2020-01-23 | CVE-2019-16515 | Unspecified vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 6.5 |
| 2020-01-23 | CVE-2019-16512 | Cross-site Scripting vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 4.8 |
| 2017-07-31 | CVE-2017-11727 | Cross-site Scripting vulnerability in Connectwise Manage 2017.5 services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS. | 6.1 |