Lucene search
+L

361 matches found

RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.4 views

CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

9.6CVSS6.8AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.5 views

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

9.6CVSS6.8AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 9:31 p.m.4 views

EUVD-2025-34826

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

9.6CVSS6.2AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/16 9:31 p.m.4 views

EUVD-2025-34827

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

9.6CVSS6.2AI score0.00196EPSS
Exploits0References2
NVD
NVD
added 2025/10/16 7:15 p.m.6 views

CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

8.8CVSS0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 7:15 p.m.6 views

CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
NVD
NVD
added 2025/10/16 7:15 p.m.5 views

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

9.6CVSS0.00196EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 7:15 p.m.4 views

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

7.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 7:0 p.m.8 views

CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

8.8CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 7:0 p.m.2 views

CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

8.8CVSS6.4AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/10/16 6:59 p.m.21 views

CVE-2025-11492

CVE-2025-11492 concerns the ConnectWise Automate Agent where communications could default to HTTP instead of HTTPS, enabling a man‑in‑the‑middle attacker to intercept, modify, or replay agent–server traffic. The issue is tied to insecure transport, with mitigation in Automate 2025.9: all agent co...

9.6CVSS6.4AI score0.00196EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/16 6:59 p.m.2 views

CVE-2025-11492 HTTP Configuration and Encryption in Transit

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

9.6CVSS6.4AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.6 views

PT-2025-42523

Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2025.9 Description The ConnectWise Automate Agent allows for configuration using HTTP instead of HTTPS. This configuration enables a man-in-the-middle attacker to intercept, modify, or replay agent-server...

9.6CVSS7.2AI score0.00196EPSS
Exploits0References20
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.7 views

ConnectWise Automate Agent 安全漏洞

ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...

8.8CVSS6.9AI score0.00217EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.4 views

ConnectWise Automate Agent 安全漏洞

ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from an improper configuration that allows the use of the HTTP protocol, which could lead to a man-in-the-middle attacker...

9.6CVSS6.7AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-21710

Malware in sbrugna...

9.8CVSS9.2AI score0.01061EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-7155

Malware in sbrugna...

9.8CVSS9.2AI score0.01343EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-3336

Malware in sbrugna...

8.8CVSS8.8AI score0.00477EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19422

Malware in sbrugna...

7.5CVSS7.5AI score0.01131EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-7192

Malware in sbrugna...

6.5CVSS6.6AI score0.01735EPSS
Exploits1References6
Rows per page
Query Builder