Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
connectwise automate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Connectwise Screenconnect
1 Metasploit module
6 Github repositories
11 Articles
NA
CVE-2023-47256
ConnectWise ScreenConnect up to and including 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings
Connectwise Screenconnect
Connectwise Automate -
NA
CVE-2023-47257
ConnectWise ScreenConnect up to and including 23.8.4 allows man-in-the-middle malicious users to achieve remote code execution via crafted messages.
Connectwise Screenconnect
Connectwise Automate -
NA
CVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated malicious user to reset Confluence and create a Confluence instance administrator account. Using this account, an ...
Atlassian Confluence Data Center
Atlassian Confluence Data Center 8.6.0
Atlassian Confluence Server
Atlassian Confluence Server 8.6.0
1 Metasploit module
11 Github repositories
4 Articles
NA
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Techni...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Automation Toolchain
F5 Big-ip Container Ingress Services
F5 Big-ip Application Security Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Fraud Protection Services
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
1 Metasploit module
12 Github repositories
4 Articles
NA
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.
Connectwise Automate 2022.11
1 Github repository
NA
CVE-2023-23130
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP...
Connectwise Automate 2022.11
1 Github repository
668
VMScore
CVE-2021-35066
An XXE vulnerability exists in ConnectWise Automate prior to 2021.0.6.132.
Connectwise Automate
445
VMScore
CVE-2021-32582
An issue exists in ConnectWise Automate prior to 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an malicious user to extract database information or administrative credentials from an instance via crafted monitor status re...
Connectwise Connectwise Automate
578
VMScore
CVE-2020-15838
The Agent Update System in ConnectWise Automate prior to 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
Connectwise Automate
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »