ConnectWise Automate 2022.11 Security Fix

11/03/2022
Products: Automate
Severity: Important
Priority: 2 - Moderate

Vulnerability 

CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) 

Severity 

Important—Vulnerabilities that could compromise confidential data or other processing resources but require additional access / privilege to do so. 

Priority  

2—Vulnerabilities that have elevated risk, but exploits are neither known nor anticipated to be imminent. Recommend updates within normal change management timelines but no longer than 30 days. 

Affected versions 

ConnectWise Automate versions 2022.10 and earlier are impacted.

Remediation 

Cloud:

Cloud instances have already been updated to the latest ConnectWise Automate release. Partners should ensure all instances of the Control Center client are up to date. 

On-premise:

Apply the 2022.11 release and ensure all instances of the Control Center client are up to date. 

Additional information 

Visit https://home.connectwise.com/securityBulletin/6363c9556e80800001cdcfc6