Vulnerabilities > Connectwise > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2024-1709 Unspecified vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
network
low complexity
connectwise
critical
10.0
2023-02-13 CVE-2023-25718 Improper Verification of Cryptographic Signature vulnerability in Connectwise Control 19.3.25270.7185/22.9.10032
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file.
network
low complexity
connectwise CWE-347
critical
9.8
2021-06-21 CVE-2021-35066 XXE vulnerability in Connectwise Automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
network
low complexity
connectwise CWE-611
critical
9.8
2020-07-16 CVE-2020-15027 Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.
network
low complexity
connectwise CWE-287
critical
9.8
2020-01-23 CVE-2019-16517 Origin Validation Error vulnerability in Connectwise Control 19.3.25270.7185
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.
network
low complexity
connectwise CWE-346
critical
9.8
2019-02-05 CVE-2017-18362 SQL Injection vulnerability in Connectwise Manageditsync 2017
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
network
low complexity
connectwise CWE-89
critical
9.8