An issue exists in ConnectWise Automate prior to 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an malicious user to extract database information or administrative credentials from an instance via crafted monitor status responses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
connectwise connectwise automate |