ConnectWise Automate Improper Restriction of XML External Entity Reference

06/18/2021
Products: Automate
Severity: Critical
Priority: 1 - High

Vulnerability

CWE-611 Improper Restriction of XML External Entity Reference

Severity

Critical - Vulnerabilities that could allow the ability to remotely execute code or directly access confidential data.

Priority

1 - Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.

Affected Versions

2021.6 Build .131 and prior

Remediation

CLOUD:

No actionneeded.  Cloud instanceshavebeenremediated.

ON-PREMISE:

Apply the 2021.0.6.132 patch 

Additional Info

https://home.connectwise.com/securityBulletin/60cc8c63508a120001cb6e8d

Software Updates

https://cwa.connectwise.com/release/2021/Patches/AutomatePatch_21.0.6.132.exe