← back
CVE-2021-32582

CVE-2021-32582

EPSS 1.1%
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369https://www.connectwise.com/company/trust/security-bulletinshttps://www.connectwise.com/platform/unified-management/automate