Vulnerabilities
Vulnerable Software
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users into performing unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-01
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-02-01

