Vulnerability Details CVE-2021-32582
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
- https://www.connectwise.com/company/trust/security-bulletins
- https://www.connectwise.com/platform/unified-management/automate
- https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369
- https://www.connectwise.com/company/trust/security-bulletins
- https://www.connectwise.com/platform/unified-management/automate
Products affected by CVE-2021-32582
-
cpe:2.3:a:connectwise:connectwise_automate:2019.12
-
cpe:2.3:a:connectwise:connectwise_automate:2020.7