Known Vulnerabilities for products from ConnectWise
Listed below are 20 of the newest known vulnerabilities associated with the vendor "ConnectWise".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6066 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2023-25719 json | ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as th... | 8.8 - HIGH | 2023-02-13 | 2023-03-05 |
| CVE-2023-25718 json | ** DISPUTED ** In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signe... | 9.8 - CRITICAL | 2023-02-13 | 2023-11-07 |
| CVE-2023-23130 json | ** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP ... | 5.9 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2023-23128 json | ** DISPUTED **Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's positio... | 6.1 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2023-23127 json | ** DISPUTED **In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing ... | 5.3 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2023-23126 json | ** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipu... | 6.1 - MEDIUM | 2023-02-01 | 2023-11-07 |
| CVE-2022-36781 json | WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a ... | 5.3 - MEDIUM | 2022-09-28 | 2024-03-14 |
| CVE-2021-35066 json | An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 9.8 - CRITICAL | 2021-06-21 | 2021-06-28 |
| CVE-2021-32582 json | An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inven... | 7.5 - HIGH | 2021-06-17 | 2021-06-22 |
| CVE-2020-15838 json | The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has we... | 8.8 - HIGH | 2020-10-09 | 2021-07-21 |
| CVE-2020-15027 json | ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypa... | 9.8 - CRITICAL | 2020-07-16 | 2020-07-24 |
| CVE-2020-15008 json | A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe i... | 7.5 - HIGH | 2020-07-07 | 2020-07-16 |
| CVE-2020-14159 json | By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or... | 8.8 - HIGH | 2020-06-15 | 2020-06-24 |
| CVE-2019-16517 json | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfigur... | 9.8 - CRITICAL | 2020-01-23 | 2020-01-28 |
| CVE-2019-16516 json | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration... | 5.3 - MEDIUM | 2020-01-23 | 2022-02-20 |
| CVE-2019-16515 json | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security heade... | 6.5 - MEDIUM | 2020-01-23 | 2020-01-30 |
| CVE-2019-16514 json | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote co... | 7.2 - HIGH | 2020-01-23 | 2020-01-28 |
| CVE-2019-16513 json | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send AP... | 8.8 - HIGH | 2020-01-23 | 2020-01-24 |
| CVE-2019-16512 json | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the ... | 4.8 - MEDIUM | 2020-01-23 | 2020-01-24 |
Known software with vulnerabilities from ConnectWise
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Connectwise | Automate | - |
| Application | Connectwise | Automate Api | 2019.12.337 |
| Application | Connectwise | Connectwise Automate | 2019.12 |
| Application | Connectwise | Control | 19.3.25270.7185 |
| Application | Connectwise | Manage | 2017.5 |