Vulnerabilities > Connectwise > Automate > 2019.12

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-35066 XXE vulnerability in Connectwise Automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
network
low complexity
connectwise CWE-611
critical
 9.8
9.8
2020-10-09 CVE-2020-15838 Incorrect Permission Assignment for Critical Resource vulnerability in Connectwise Automate 2019.12/2020.0/2020.7
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
network
low complexity
connectwise CWE-732
8.8
8.8