Cross-Site Request Forgery Vulnerability in ConnectWise Manage by ConnectWise
CVE-2017-11726

8.8HIGH

Key Information:

Vendor: Connectwise
Status: Manage
Vendor: CVE Published:; 31 July 2017

🔔 Create Connectwise Vulnerability Alert

What is CVE-2017-11726?

ConnectWise Manage version 2017.5 is susceptible to Cross-Site Request Forgery (CSRF), allowing attackers to execute unauthorized commands via manipulated requests. This vulnerability can potentially alter critical user settings without proper authentication, such as changing an email address, leading to unauthorized access or data leakage.

References

https://becomepentester.blogspot.in/2017/07/ConnectWise-M...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2017
Vulnerability Reserved
Jul 28, 2017