PT-2017-12204 · Connectwise · Connectwise Manage
Publicado
2017-07-31
·
Atualizado
2017-08-04
·
CVE-2017-11727
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ConnectWise Manage version 2017.5
Description
The issue allows arbitrary client-side JavaScript code execution on victims who click on a crafted link. This involves a ContactCommon field in the services/system io/actionprocessor/Contact.rails component.
Recommendations
For ConnectWise Manage version 2017.5, consider disabling the Contact.rails component temporarily until a patch is available to prevent arbitrary JavaScript code execution. Restrict access to the ContactCommon field to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Connectwise Manage