6 matches found
CVE-2026-9089
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software developed by the American company ConnectWise. There is a security vulnerability in ConnectWise Automate Agent, which stems from an incomplete verification of component authenticity. This vulnerability may affect plugin...
EUVD-2025-34827
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
CVE-2025-11493
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...