CVE-2023-23126

Name of the Vulnerable Software and Affected Versions Connectwise Automate version 2022.11

Description The issue allows the login screen to be iframed, potentially manipulating users into performing unintended actions. The vendor claims that a Content-Security-Policy HTTP response header is present to block this attack.

Recommendations For Connectwise Automate version 2022.11, as a temporary workaround, consider implementing additional security measures to prevent clickjacking attacks, such as configuring the Content-Security-Policy header to block iframing of the login screen. However, the effectiveness of this measure is disputed due to the vendor's claim of existing protection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.