CVE-2023-23127

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.

Related Vulnerabilities

CVE-2015-0558

MEDIUM
CVSS:5.3(Medium)

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.

CWE-3112015

CVE-2018-17563

MEDIUM
CVSS:5.3(Medium)

A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext.

CWE-3112018

CVE-2018-5482

MEDIUM
CVSS:5.3(Medium)

NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.

CWE-3112018

CVE-2018-6976

MEDIUM
CVSS:5.3(Medium)

The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite d...

CWE-3112018

CVE-2019-19464

MEDIUM
CVSS:5.3(Medium)

The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.

CWE-3112019

CVE-2019-4471

MEDIUM
CVSS:5.3(Medium)

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote atta...

CWE-3112019