CVE-2019-16516

MEDIUM

ConnectWise Control <19.3.25270.7185 - Info Disclosure

Title source: llm

Description

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.

Exploits (2)

exploitdb WORKING POC
by Luca Cuzzolin · pythonremotemultiple
https://www.exploit-db.com/exploits/50618
nomisec SCANNER
by czz · poc
https://github.com/czz/ScreenConnect-UserEnum

References (6)

Scores

CVSS v3 5.3
EPSS 0.3821
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-203
Status published
Products (2)
connectwise/control 19.3.25270.7185
connectwise/control < 19.2.24707
Published Jan 23, 2020
Tracked Since Feb 18, 2026