Skip to main content
Try Our Software

ConnectWise Automate API Vulnerability

07/16/2020
Products: Automate
Severity: Critical
Priority: 1 - High

Vulnerability Details:

CVSS Score: 7.9

CWE: 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description:

Inadequate server-side validation within the probe implementation could potentially allow arbitrary statements to be executed.

Remediation:

CLOUD PARTNERS:

  • ConnectWise has applied the 2020.0.7.251 patch across all cloud partner environments.

ON-PREMISE PARTNERS:

  • On-premise partners should immediately apply the patches listed below, following the important pre and post patch instructions available in the ConnectWise University here. The download link is available in the instruction page.

ConnectWise Automate 2020.0.7.251

ConnectWise Automate 2019.0.12.342