Connectwise 22.8.10013.8329
Approved changes feed: RSS · Atom
cpe:2.3:a:connectwise:connectwise:22.8.10013.8329:*:*:*:*:*:*:*
part: a version: 22.8.10013.8329 update: *
| Vendor | Connectwise (ec651593-cf52-50f9-a1c6-3ea8640cab23) |
|---|---|
| Product | Connectwise (41c9ec1e-ce3d-50cc-852c-33f0ea5bdea5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-23128 |
vulnerable | 2026-06-08 05:54:27.844284 |
Details available
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.
Published: 2023-02-01T00:00:00.000Z
Updated: 2025-03-27T14:24:45.401Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23127 |
vulnerable | 2026-06-08 05:54:27.843865 |
Details available
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
Published: 2023-02-01T00:00:00.000Z
Updated: 2024-08-02T10:28:39.892Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.