CVE-2019-16517

Name of the Vulnerable Software and Affected Versions ConnectWise Control versions 19.3.25270.7185

Description A CORS misconfiguration issue allows JavaScript running on any domain to interact with the server APIs, enabling administrative actions without the victim's knowledge. This is due to the server reflecting the Origin provided by incoming requests.

Recommendations For ConnectWise Control version 19.3.25270.7185, consider restricting access to the server APIs to prevent unauthorized administrative actions until a fix is available. As a temporary workaround, review and adjust the CORS configuration to properly validate and handle incoming requests.