By using an Automate API in ConnectWise Automate prior to 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions prior to 2019.12.337, 2020 prior to 2020.1.53, 2020.2 prior to 2020.2.85, 2020.3 prior to 2020.3.114, 2020.4 prior to 2020.4.143, and 2020.5 prior to 2020.5.178.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
connectwise automate api |