Usage subject to Terms and Conditions

Category Cybersecurity Alerts, News, and Tips

ConnectWise Authentication Bypass

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-07-16-connectwise-authentication-bypass

A vulnerability exists in a ConnectWise Automate API that could potentially allow a remote user to execute modifications within an individual Automate instance. This affects on-premise and cloud based versions of the product.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-07-16-connectwise-authentication-bypass

ConnectWise Automate API Vulnerability

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-07-16-connectwise-automate-api-vulnerability

A vulnerability exists in a ConnectWise Automate API that could potentially allow a remote user to execute arbitrary SQL statements against an individual Automate instance. This affects on-premise and cloud based versions of the product.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-07-16-connectwise-automate-api-vulnerability

ConnectWise Security Bulletin – ConnectWise Control Phishing Issue

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-07-02-connectwise-security-bulletin-connectwise-control-phishing-issue

Several reports have been received that a number of partners have received phishing emails purporting to take the partner to a fake Control login page and asking for credentials.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-07-02-connectwise-security-bulletin-connectwise-control-phishing-issue

ConnectWise Security Bulletin – New Customer Portal

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-22-connectwise-security-bulletin-new-customer-portal_2

ConnectWise is aware of a vulnerability in the New Customer Portal that could potentially allow an authenticated user access to that individual Administrative portal tenant. This issue was discovered internally. There has been no indication of exploitation.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-22-connectwise-security-bulletin-new-customer-portal_2

ConnectWise Security Bulletin – New Customer Portal

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-22-connectwise-security-bulletin-new-customer-portal

ConnectWise is aware of a vulnerability in the New Customer Portal that could potentially allow a remote user to execute modifications within an individual environment. This issue was responsibly disclosed by trusted advisors. There have been no reports of exploitation.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-22-connectwise-security-bulletin-new-customer-portal

UPDATE – ConnectWise Automate API Vulnerability

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-13-update-connectwise-automate-api-vulnerability

This is an update to our previous message noting the hotfix application to address the security vulnerability issue that was communicated on June 12, 2020 and June 10, 2020. ConnectWise identified a need for additional hardening measures to be applied to the hotfixes and these new hotfixes are now available.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-13-update-connectwise-automate-api-vulnerability

UPDATE – ConnectWise Automate API Vulnerability

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-12-update-connectwise-automate-api-vulnerability

This is an update to our previous message noting the hotfix application to address the security vulnerability issue that was communicated on June 10, 2020. ConnectWise has identified a need for additional hardening measures to be applied to the hotfixes and are currently working to update the fixes accordingly. Updates are expected later today, but we recommend all Automate partners take the following actions listed below.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2020-06-12-update-connectwise-automate-api-vulnerability

ConnectWise Automate API Vulnerability

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-spi-vulnerability

ConnectWise is aware of a vulnerability in a ConnectWise Automate API that could potentially allow a remote user to execute modifications within an individual Automate instance. This affects on-premise and cloud based versions of the product.

Read the original article at https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-spi-vulnerability