Connectwise CVE

Filtered by vendor Connectwise Subscribe

Total 26 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-16514	1 Connectwise	1 Control	2024-11-21	6.5 MEDIUM	7.2 HIGH
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
CVE-2019-16513	1 Connectwise	1 Control	2024-11-21	6.8 MEDIUM	8.8 HIGH
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
CVE-2019-16512	1 Connectwise	1 Control	2024-11-21	3.5 LOW	4.8 MEDIUM
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
CVE-2017-18362	1 Connectwise	1 Manageditsync	2024-11-21	7.5 HIGH	9.8 CRITICAL
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
CVE-2017-11727	1 Connectwise	1 Manage	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
CVE-2017-11726	1 Connectwise	1 Manage	2024-11-21	6.8 MEDIUM	8.8 HIGH
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.

Vulnerabilities (CVE)