CVE-2021-32582
N/A
N/A
Summary
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.connectwise.com/platform/unified-management/automate
- https://www.connectwise.com/company/trust/security-bulletins
- https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
References
- https://www.connectwise.com/platform/unified-management/automate
- https://www.connectwise.com/company/trust/security-bulletins
- https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.