Skip to main content
An icon of a telephone receiver
Sign In
Cybersecurity Centre Try For Free

ConnectWise Automate: Security Fixes

06/23/2022
Products: Automate
Severity: Important
Priority: 2 - Moderate

Vulnerabilities 

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 

CWE-214 : Invocation of Process Using Visible Sensitive Information 

Severity 

Important - Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so. 

Priority  

2 - Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend prioritizing this update against their normal change management timelines and wait no longer than 30 days to install the patch.  

Affected Versions 

ConnectWise Automate versions 2022.5 and earlier are impacted. 

Remediation 

CLOUD: 

Cloud instances have already been updated to the latest Automation release.  

Please ensure that all Automate remote agents are updated to the latest remote agent Service Version (220.166). 

ON-PREMISE: 

Apply the 2022.6 release, and please ensure that all Automate remote agents are updated to the latest remote agent Service Version (220.166). 

Additional Info 

https://home.connectwise.com/securityBulletin/62b47198542ee70001f7b19e

Software Updates 

https://university.connectwise.com/University/automateresources/productsandupdates.aspx