Vulnerability Description
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Connectwise | Connectwise Automate | < 2021.5 |
Related Weaknesses (CWE)
References
- https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369Permissions RequiredVendor Advisory
- https://www.connectwise.com/company/trust/security-bulletinsVendor Advisory
- https://www.connectwise.com/platform/unified-management/automateProduct
- https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369Permissions RequiredVendor Advisory
- https://www.connectwise.com/company/trust/security-bulletinsVendor Advisory
- https://www.connectwise.com/platform/unified-management/automateProduct
FAQ
What is CVE-2021-32582?
CVE-2021-32582 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database informat...
How severe is CVE-2021-32582?
CVE-2021-32582 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32582?
Check the references section above for vendor advisories and patch information. Affected products include: Connectwise Connectwise Automate.