CRITICAL🇵🇱 Wersja polska

CVE-2019-16517

CVSS 9.8v3.1pub. 2020-01-23upd. 2024-11-21

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Connectwise Control

    APP
    Connectwise
    19.3.25270.7185
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-25718CRITICAL9.8ten sam produkt

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signe...

CVE-2023-25719HIGH8.8ten sam produkt

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parame...

CVE-2019-16514HIGH7.2ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server a...

CVE-2019-16513HIGH8.8ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be ...

CVE-2019-16515MEDIUM6.5ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP...