Vulnerabilities > Connectwise > Automate > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2023-47257 | Code Injection vulnerability in Connectwise Automate and Screenconnect ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | 8.1 |
2020-10-09 | CVE-2020-15838 | Incorrect Permission Assignment for Critical Resource vulnerability in Connectwise Automate 2019.12/2020.0/2020.7 The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | 8.8 |