CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings. • https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 • https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix • CWE-287: Improper Authentication

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. • https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 • https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

ConnectWise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. • https://github.com/l00neyhacker/CVE-2023-23130 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

ConnectWise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. • https://github.com/l00neyhacker/CVE-2023-23126 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. • https://home.connectwise.com/securityBulletin/60cc8c63508a120001cb6e8d • https://www.connectwise.com/company/trust/security-bulletins • CWE-611: Improper Restriction of XML External Entity Reference