CVE-2023-23126

medium

Description

** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.

References

https://github.com/l00neyhacker/CVE-2023-23126

Details

Source: MITRE

Published: 2023-02-01

Updated: 2023-02-08

Type: CWE-1021

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM