Vulnerabilities > Connectwise > Automate > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-47257 Code Injection vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
network
high complexity
connectwise CWE-94
8.1
2021-06-21 CVE-2021-35066 XXE vulnerability in Connectwise Automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
network
low complexity
connectwise CWE-611
7.5
2020-07-16 CVE-2020-15027 Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.
network
low complexity
connectwise CWE-287
7.5