Vulnerability Details CVE-2020-15027
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-15027
-
cpe:2.3:a:connectwise:automate:-
-
cpe:2.3:a:connectwise:automate:2020.0
-
cpe:2.3:a:connectwise:automate:2020.7