Vulnerabilities > Connectwise > Automate > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-47256 Improper Authentication vulnerability in Connectwise Automate and Screenconnect
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings
local
low complexity
connectwise CWE-287
5.5
2023-02-01 CVE-2023-23126 Improper Restriction of Rendered UI Layers or Frames vulnerability in Connectwise Automate 2022.11
Connectwise Automate 2022.11 is vulnerable to Clickjacking.
network
low complexity
connectwise CWE-1021
6.1
2023-02-01 CVE-2023-23130 Cleartext Transmission of Sensitive Information vulnerability in Connectwise Automate 2022.11
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication.
network
high complexity
connectwise CWE-319
5.9
2020-10-09 CVE-2020-15838 Improper Authentication vulnerability in Connectwise Automate 2019.12/2020.0/2020.7
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
network
low complexity
connectwise CWE-287
6.5