Skip to main content
Try Our Software

Security bulletins

ConnectWise uses various methods to communicate security vulnerability information to customers. A Security Bulletin is used when publicly disclosing security vulnerabilities discovered in ConnectWise offerings.

Alternative tools and processes are used, where appropriate, when targeted or discrete communication with entitled customers is required. To protect our customers, ConnectWise does not publicly disclose or confirm security vulnerabilities until ConnectWise has conducted an analysis of the product and has issued fixes and/or mitigations.

Security Bulletins notify customers about one or more vulnerabilities. These bulletins provide guidance to assist customers in assessing the impact of any actual or potential security vulnerability in the context of their environment.

---

We have created an RSS feed for these security bulletins. As bulletins get posted to this page, the RSS feed will be updated. Paste this link into your RSS feed reader to get updates. New to setting up RSS, or need help with RSS feeds? Here are some helpful articles to get you started:
What are RSS feeds? | How to Set Up an RSS Feed in Microsoft Outlook 2019 | Chrome Extensions: RSS Readers

Filter By:
Select your date range:
07/06/2021
Moderate
July 6, 2021 - Updated Trust Site & Resetting of RSS Feed
Learn More >>
06/18/2021
Critical
ConnectWise Automate Improper Restriction of XML External Entity Reference
Learn More >>
06/15/2021
Important
ConnectWise Control Broken Access Control
Learn More >>
05/11/2021
Important
ConnectWise Automate Improper Neutralization of Special Elements
Learn More >>
04/08/2021
Critical
ConnectWise Automate Improper Authentication
Learn More >>
01/22/2021
Critical
ConnectWise Automate Multiple Security Fixes
Learn More >>
12/16/2020
Important
ConnectWise Control Host Header Injection
Learn More >>
10/31/2020
ConnectWise Security: Public Service Announcement
Learn More >>
Load More