ConnectWise Control 19.3.25270.7185
Approved changes feed: RSS · Atom
cpe:2.3:a:connectwise:control:19.3.25270.7185:*:*:*:*:*:*:*
part: a version: 19.3.25270.7185 update: *
| Vendor | Connectwise (ec651593-cf52-50f9-a1c6-3ea8640cab23) |
|---|---|
| Product | Control (9fc2e45e-026c-5564-b1de-aa052cedf5fe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-16517 |
vulnerable | 2026-06-08 05:13:08.500417 |
Details available
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge.
Published: 2020-01-23T17:19:23.000Z
Updated: 2024-08-05T01:17:40.226Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16516 |
vulnerable | 2026-06-08 05:13:08.499981 |
Details available
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
Published: 2020-01-23T17:24:10.000Z
Updated: 2024-08-05T01:17:40.215Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16515 |
vulnerable | 2026-06-08 05:13:08.498099 |
Details available
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.
Published: 2020-01-23T17:26:25.000Z
Updated: 2024-08-05T01:17:40.243Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16514 |
vulnerable | 2026-06-08 05:13:08.497592 |
Details available
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
Published: 2020-01-23T17:21:38.000Z
Updated: 2024-08-05T01:17:40.108Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16513 |
vulnerable | 2026-06-08 05:13:08.497110 |
Details available
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
Published: 2020-01-23T17:11:11.000Z
Updated: 2024-08-05T01:17:40.245Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16512 |
vulnerable | 2026-06-08 05:13:08.496468 |
Details available
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
Published: 2020-01-23T17:14:36.000Z
Updated: 2024-08-05T01:17:40.211Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.