ConnectWise Automate Improper Neutralization of Special Elements
05/11/2021
Vulnerability
CWE-89 - Improper Neutralization of Special Elements
Severity
Important - Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so.
Priority
2 - Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend updates within normal change management timelines but no longer than 30 days.
Affected Versions
2021.4 and earlier
Remediation
CLOUD:
No action needed. Cloud instances have been remediated.
ON-PREMISE:
Apply the 2021.5 release.
Additional Info
https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
Software Updates
https://cwa.connectwise.com/release/2021/Patches/AutomatePatch_21.0.5.108.exe