HTTP Security Headers Vulnerability in ConnectWise Control by ConnectWise
CVE-2019-16515

6.5MEDIUM

Key Information:

Vendor

Connectwise
Status
Control
Vendor
CVE Published:
23 January 2020

What is CVE-2019-16515?

A vulnerability exists in ConnectWise Control where certain HTTP security headers are not utilized, potentially exposing users to various security threats. This oversight can lead to increased risk of data interception or exploitation by unauthorized entities. Organizations utilizing ConnectWise Control version 19.3.25270.7185 are advised to assess their security configurations and implement necessary measures to mitigate potential risks.

References

https://know.bishopfox.com/advisories
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/10013
x_refsource_MISC
https://know.bishopfox.com/advisories/connectwise-control
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.