cvedb.io
CVE-2022-36781
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-09-28T20:15:11.857 · Last modified 2026-06-17T04:53:58.020

Summary

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.

Affected products

connectwise — screenconnect

Does this affect you?

Add your gear to cvedb and we'll alert you only when connectwise ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.