Vulnerabilities > Connectwise

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-35066 XXE vulnerability in Connectwise Automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
network
low complexity
connectwise CWE-611
7.5
2021-06-17 CVE-2021-32582 SQL Injection vulnerability in Connectwise Automate 2019.12/2020.7
An issue was discovered in ConnectWise Automate before 2021.5.
network
low complexity
connectwise CWE-89
5.0
2020-10-09 CVE-2020-15838 Improper Authentication vulnerability in Connectwise Automate 2019.12/2020.0/2020.7
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
network
low complexity
connectwise CWE-287
6.5
2020-07-16 CVE-2020-15027 Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.
network
low complexity
connectwise CWE-287
7.5
2020-07-07 CVE-2020-15008 SQL Injection vulnerability in Connectwise Automate 2019.12
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12.
6.0
2020-06-15 CVE-2020-14159 SQL Injection vulnerability in Connectwise Automate API
By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx.
network
low complexity
connectwise CWE-89
6.5
2020-01-23 CVE-2019-16517 Origin Validation Error vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-346
7.5
2020-01-23 CVE-2019-16516 Information Exposure Through Discrepancy vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-203
5.0
2020-01-23 CVE-2019-16515 Unspecified vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise
6.4
2020-01-23 CVE-2019-16514 Unrestricted Upload of File with Dangerous Type vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-434
6.5