An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HConnectwise Control
APPConnectwise19.3.25270.7185
Related vulnerabilities
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signe...
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parame...
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server a...
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be ...
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP...