漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ConnectWise - ScreenConnect Session Code Bypass
Vulnerability Description
ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
ConnectWise Control 安全漏洞
Vulnerability Description
ConnectWise Control是美国ConnectWise公司的一个自托管远程桌面软件应用程序。 ConnectWise Control 存在安全漏洞,该漏洞源于攻击者可以使用代理来监视流量,并对会话代码执行暴力操作实现连接会话代码绕过并从会话中,在会议中获得公司的敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A