Vulnerabilities > Connectwise > Automate
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-47256 | Improper Authentication vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings | 5.5 |
| 2024-02-01 | CVE-2023-47257 | Code Injection vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | 8.1 |
| 2023-02-01 | CVE-2023-23126 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Connectwise Automate 2022.11 Connectwise Automate 2022.11 is vulnerable to Clickjacking. | 6.1 |
| 2023-02-01 | CVE-2023-23130 | Cleartext Transmission of Sensitive Information vulnerability in Connectwise Automate 2022.11 Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. | 5.9 |
| 2021-06-21 | CVE-2021-35066 | XXE vulnerability in Connectwise Automate An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 9.8 |
| 2020-10-09 | CVE-2020-15838 | Incorrect Permission Assignment for Critical Resource vulnerability in Connectwise Automate 2019.12/2020.0/2020.7 The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | 8.8 |
| 2020-07-16 | CVE-2020-15027 | Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7 ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. | 9.8 |