Vulnerabilities > Connectwise > Automate

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-47256 Improper Authentication vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings
local
low complexity
connectwise CWE-287
5.5
2024-02-01 CVE-2023-47257 Code Injection vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
network
high complexity
connectwise CWE-94
8.1
2023-02-01 CVE-2023-23126 Improper Restriction of Rendered UI Layers or Frames vulnerability in Connectwise Automate 2022.11
Connectwise Automate 2022.11 is vulnerable to Clickjacking.
network
low complexity
connectwise CWE-1021
6.1
2023-02-01 CVE-2023-23130 Cleartext Transmission of Sensitive Information vulnerability in Connectwise Automate 2022.11
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication.
network
high complexity
connectwise CWE-319
5.9
2021-06-21 CVE-2021-35066 XXE vulnerability in Connectwise Automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
network
low complexity
connectwise CWE-611
7.5
2020-10-09 CVE-2020-15838 Improper Authentication vulnerability in Connectwise Automate 2019.12/2020.0/2020.7
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
network
low complexity
connectwise CWE-287
6.5
2020-07-16 CVE-2020-15027 Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.
network
low complexity
connectwise CWE-287
7.5