Vulnerabilities > Connectwise > Automate > 2020.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-21 | CVE-2021-35066 | XXE vulnerability in Connectwise Automate An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 9.8 |
| 2020-10-09 | CVE-2020-15838 | Incorrect Permission Assignment for Critical Resource vulnerability in Connectwise Automate 2019.12/2020.0/2020.7 The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | 8.8 |
| 2020-07-16 | CVE-2020-15027 | Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7 ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. | 9.8 |