CVE-2022-36781: 
ScreenConnect Server vulnerability analysis and mitigation

ConnectWise ScreenConnect versions 22.6 and below contained a security flaw related to inadequate rate-limiting controls in the default configuration. The vulnerability, identified as CVE-2022-36781, was discovered and reported on July 26, 2022. This vulnerability affects ConnectWise ScreenConnect software installations and allows potential brute force attacks on custom access tokens (NVD, CVE Mitre).

The vulnerability stems from inadequate rate-limiting controls in the default configuration of ScreenConnect. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and primarily impacts confidentiality (NVD).

The exploitation of this vulnerability could lead to unauthorized access to the system through repeated attempts at access code combinations. The primary impact is on the confidentiality of the system, with potential exposure of sensitive company data if successfully exploited (NVD).

ConnectWise has addressed this vulnerability in versions after 22.6 by implementing rate-limiting controls as a preventive measure against brute force attacks. Users are advised to upgrade to the latest version of the software to receive these security improvements (NVD).