CVE-2017-11726

8.8HIGH

Key Information

Vendor: Connectwise
Status: Manage
Vendor: CVE Published:; 31 July 2017

Summary

services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.

References

https://becomepentester.blogspot.in/2017/07/ConnectWise-M...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2017
Vulnerability Reserved
Jul 28, 2017

Collectors

NVD DatabaseMitre Database