Vulnerabilidades em ConnectWise
16 resultadosCVE-2024-1709CRITICALAuthentication bypass using an alternate path or channelEPSS 100.0%KEVCVE-2024-1708HIGHImproper limitation of a pathname to a restricted directory (“path traversal”)EPSS 87.6%KEVCVE-2025-3935HIGHScreenConnect Exposure to ASP.NET ViewState Code InjectionEPSS 3.3%KEVCVE-2022-36781MEDIUMConnectWise - ScreenConnect Session Code BypassEPSS 0.5%CVE-2026-3564CRITICALScreenConnect Instance Level Cryptographic Material ExposureEPSS 0.4%CVE-2026-0696MEDIUMSession Cookies Missing HttpOnly AttributeEPSS 0.4%CVE-2025-14265CRITICALImproper server-side validation in ScreenConnect extension frameworkEPSS 0.3%CVE-2026-9089HIGHThe ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operatioEPSS 0.3%CVE-2025-7204MEDIUMExposure of password hashes via API responses in ConnectWise PSAEPSS 0.3%CVE-2026-0695HIGHStored XSS in Time Entry Audit TrailEPSS 0.3%CVE-2026-11596MEDIUMIn ScreenConnect™ versions prior to 26.2, input
validation within the Host Pass creation functionality could allow an
authenticated user witEPSS 0.2%CVE-2025-11493HIGHSelf-Update Verification Mechanism Process in ConnectWise AutomateEPSS 0.2%CVE-2025-11492CRITICALHTTP Configuration and Encryption in TransitEPSS 0.2%CVE-2025-14823MEDIUMCertificate Signing Extension Returns Encrypted ValuesEPSS 0.1%CVE-2025-4876MEDIUMHardcoded Key Revealed in ConnectWise Password Encryption UtilityEPSS 0.1%CVE-2026-6066HIGHUnencrypted Client‑Server Communication in ConnectWise Automate™ Solution CenterEPSS 0.1%