PT-2023-18849 · Connectwise · Connectwise Control
L00Neyhacker
·
Publicado
2023-02-01
·
Atualizado
2024-08-02
·
CVE-2023-23128
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Connectwise Control version 22.8.10013.8329
Description
The issue concerns Cross Origin Resource Sharing (CORS) in Connectwise Control. According to the vendor, two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and they claim there is no risk from this behavior. The vulnerability report is disputed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Connectwise Control