Vulnerabilities > Connectwise
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-36781 | Improper Restriction of Excessive Authentication Attempts vulnerability in Connectwise Screenconnect ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. | 5.3 |
| 2021-06-21 | CVE-2021-35066 | XXE vulnerability in Connectwise Automate An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 9.8 |
| 2021-06-17 | CVE-2021-32582 | SQL Injection vulnerability in Connectwise Automate 2019.12/2020.7 An issue was discovered in ConnectWise Automate before 2021.5. | 7.5 |
| 2020-10-09 | CVE-2020-15838 | Incorrect Permission Assignment for Critical Resource vulnerability in Connectwise Automate 2019.12/2020.0/2020.7 The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | 8.8 |
| 2020-07-16 | CVE-2020-15027 | Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7 ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. | 9.8 |
| 2020-07-07 | CVE-2020-15008 | SQL Injection vulnerability in Connectwise Automate 2019.12 A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. | 7.5 |
| 2020-06-15 | CVE-2020-14159 | SQL Injection vulnerability in Connectwise Automate API By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. | 8.8 |
| 2020-01-23 | CVE-2019-16517 | Origin Validation Error vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 9.8 |
| 2020-01-23 | CVE-2019-16516 | Information Exposure Through Discrepancy vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 5.3 |
| 2020-01-23 | CVE-2019-16515 | Unspecified vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 6.5 |