CVE-2023-23127
Description
** DISPUTED **In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
Related CPE's
Could not find any relations
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics