Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ConnectWise - ScreenConnect Session Code Bypass
Vulnerability Description
ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
ConnectWise Control 安全漏洞
Vulnerability Description
ConnectWise Control是美国ConnectWise公司的一个自托管远程桌面软件应用程序。 ConnectWise Control 存在安全漏洞,该漏洞源于攻击者可以使用代理来监视流量,并对会话代码执行暴力操作实现连接会话代码绕过并从会话中,在会议中获得公司的敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A