ConnectWise Automate Improper Restriction of XML External Entity Reference
06/18/2021
Vulnerability
CWE-611 Improper Restriction of XML External Entity Reference
Severity
Critical - Vulnerabilities that could allow the ability to remotely execute code or directly access confidential data.
Priority
1 - Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.
Affected Versions
2021.6 Build .131 and prior
Remediation
CLOUD:
No action needed. Cloud instances have been remediated.
ON-PREMISE:
Apply the 2021.0.6.132 patch
Additional Info
https://home.connectwise.com/securityBulletin/60cc8c63508a120001cb6e8d
Software Updates
https://cwa.connectwise.com/release/2021/Patches/AutomatePatch_21.0.6.132.exe