Input validation

2020-07-1615:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.

CPENameOperatorVersion
automatelt2019.12
automatege2020.0
automatele2020.7

Name	Operator	Version
automate	lt	2019.12
automate	ge	2020.0
automate	le	2020.7

References

slagle.tech/2020/07/06/cve-2020-15027/