CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries
1,619
Ransomware Use
327
Overdue
1,615
Vendors
266
Products
655
3 results · Page 1/1
ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise · ScreenConnect
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise · ScreenConnect
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise · ScreenConnect
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
