MDRAddress the growing frequency, type, and severity of cyber threats against SMB endpoints
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
Risk Assessment & Vulnerability ManagementIdentify unknown cyber risks and routinely scan for vulnerabilities
Identity ManagementSecure and streamline client access to devices and applications with strong authentication and SSO
Cloud App SecurityMonitor and manage SaaS security risks for the entire Microsoft 365 environment.
SASEZero trust secure access for users, locations, and devices
Enterprise-grade SOCProvide 24/7 threat monitoring and response backed by proprietary threat research and intelligence and certified cyber experts
Policy ManagementCreate, deploy, and manage client security policies and profiles
Incident Response ServiceOn-tap cyber experts to address critical security incidents
Cybersecurity GlossaryGuide to the most common, important terms in the industry
ConnectWise Control Broken Access Control
CWE-285 – ConnectWise Control Broken Access Control
Important - Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so.
2 - Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend updates within normal change management timelines but no longer than 30 days.
21.6 and earlier
Cloud instances are being updated on a rolling schedule, but Cloud Account Admins can manually apply this update through cloud.screenconnect.com.
Please note there are some actions you need to take in order to apply this update:
- Navigate to your Administration/License page.
- Expand the Version Check box.
- If you are on 21.6 or an earlier version, you should install the latest build for your current version to receive the latest security updates.
- If your license is out of maintenance, you must upgrade your license before installing the latest supported release of Control.
Partners who do not wish to upgrade can remediate this issue by removing the global permission RunCommandOutsideSession from AllSessionGroups and applying it only to Support and Access session types or groups as needed.
Documentation for how to modify roles is available in the University at this link:
Refer to the Remediation section