Vulnerabilities > Connectwise > Automate > 2020.7

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-35066 XXE vulnerability in Connectwise Automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
network
low complexity
connectwise CWE-611
critical
9.8
2020-10-09 CVE-2020-15838 Incorrect Permission Assignment for Critical Resource vulnerability in Connectwise Automate 2019.12/2020.0/2020.7
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
network
low complexity
connectwise CWE-732
8.8
2020-07-16 CVE-2020-15027 Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.
network
low complexity
connectwise CWE-287
critical
9.8