Security Bulletins

ConnectWise Automate API Vulnerability

Tue, 09 Jun 2020 16:00:00 Z

ConnectWise is aware of a vulnerability in a ConnectWise Automate API that could potentially allow a remote user to execute modifications within an individual Automate instance. This affects on-premise and cloud based versions of the product.

UPDATE - ConnectWise Automate API Vulnerability

Thu, 11 Jun 2020 16:00:00 Z

This is an update to our previous message noting the hotfix application to address the security vulnerability issue that was communicated on June 10, 2020. ConnectWise has identified a need for additional hardening measures to be applied to the hotfixes and are currently working to update the fixes accordingly. Updates are expected later today, but we recommend all Automate partners take the following actions listed below.

UPDATE - ConnectWise Automate API Vulnerability

Fri, 12 Jun 2020 16:00:00 Z

This is an update to our previous message noting the hotfix application to address the security vulnerability issue that was communicated on June 12, 2020 and June 10, 2020. ConnectWise identified a need for additional hardening measures to be applied to the hotfixes and these new hotfixes are now available.

ConnectWise Security Bulletin - New Customer Portal

Sun, 21 Jun 2020 16:00:00 Z

ConnectWise is aware of a vulnerability in the New Customer Portal that could potentially allow a remote user to execute modifications within an individual environment. This issue was responsibly disclosed by trusted advisors. There have been no reports of exploitation.

ConnectWise Security Bulletin - New Customer Portal

Sun, 21 Jun 2020 16:00:00 Z

ConnectWise is aware of a vulnerability in the New Customer Portal that could potentially allow an authenticated user access to that individual Administrative portal tenant. This issue was discovered internally. There has been no indication of exploitation.

ConnectWise Control Host Header Injection

Tue, 15 Dec 2020 16:00:00 Z

ConnectWise Automate Multiple Security Fixes

Thu, 21 Jan 2021 16:00:00 Z

ConnectWise Automate Improper Authentication

Wed, 07 Apr 2021 16:00:00 Z

ConnectWise Automate Improper Neutralization of Special Elements

Mon, 10 May 2021 16:00:00 Z

ConnectWise Automate Improper Restriction of XML External Entity Reference

Thu, 17 Jun 2021 16:00:00 Z

July 6, 2021 - Updated Trust Site & Resetting of RSS Feed

Mon, 05 Jul 2021 16:00:00 Z

ConnectWise Automate Plugin Insufficiently Protected Credentials

Tue, 16 Nov 2021 16:00:00 Z

Partner InfoSec Hotline Unavailable/Alternate Communication Mechanism

Thu, 07 Apr 2022 16:00:00 Z

ConnectWise Automate: Protection Mechanism Failure

Wed, 13 Jul 2022 16:00:00 Z

ConnectWise Automate 2022.8 Security Fix

Wed, 03 Aug 2022 16:00:00 Z

ConnectWise Automate versions 2022.7 and earlier are impacted.

ConnectWise Automate 2022.9 Security Fix

Wed, 07 Sep 2022 16:00:00 Z

ConnectWise Automate versions 2022.8 and earlier are impacted.

ConnectWise ScreenConnect 23.9.8 security fix

Sun, 18 Feb 2024 16:00:00 Z

ConnectWise ScreenConnect™ versions 23.9.7 and earlier are impacted.

ConnectWise Authentication Bypass

Wed, 15 Jul 2020 16:00:00 Z

A vulnerability exists in a ConnectWise Automate API that could potentially allow a remote user to execute modifications within an individual Automate instance. This affects on-premise and cloud based versions of the product.

ConnectWise Automate 2022.11 Security Fix

Wed, 02 Nov 2022 16:00:00 Z

ConnectWise Automate versions 2022.10 and earlier are impacted.

ConnectWise Automate 2023.1 Security Fix

Fri, 20 Jan 2023 16:00:00 Z

ConnectWise Automate versions 2022.12 and earlier are impacted.

ConnectWise Automate 2023.5 Security Fix

Wed, 10 May 2023 16:00:00 Z

Pull from blurb within card on /company/trust/security-bulletins

ConnectWise Automate 2024.3 security fix

Thu, 14 Mar 2024 04:00:00 Z

ConnectWise Automate server version 2024.2 and earlier versions have been identified as vulnerable to blind SQL injection (time-based) within the API.

Security Bulletin | Automate Security Fix 2025.9

Thu, 16 Oct 2025 04:00:00 Z

ConnectWise has released a security update for ConnectWise Automate addressing vulnerabilities that could expose agent communications and updates to interception or tampering if certain configurations are used.

ConnectWise Automate API Vulnerability

Wed, 15 Jul 2020 16:00:00 Z

A vulnerability exists in a ConnectWise Automate API that could potentially allow a remote user to execute arbitrary SQL statements against an individual Automate instance. This affects on-premise and cloud based versions of the product.

ConnectWise Automate: Network Probe Insufficiently Protected Credentials

Wed, 11 May 2022 16:00:00 Z

ConnectWise Automate: Security Fixes

Wed, 22 Jun 2022 16:00:00 Z

ConnectWise BCDR and R1Soft Server Backup Manager Critical Security Release

Thu, 27 Oct 2022 16:00:00 Z

ConnectWise BCDR (formerly Recover): Recover v2.9.7 and earlier versions are impacted. R1Soft: SBM v6.16.3 and earlier versions are impacted.

ConnectWise Control Broken Access Control

Mon, 14 Jun 2021 16:00:00 Z

ConnectWise Control Improper Authentication

Wed, 19 Aug 2020 16:00:00 Z

ConnectWise PSA 2022.2 Security Fix

Wed, 11 Oct 2023 16:00:00 Z

ConnectWise PSA™ versions 2022.2 and earlier are impacted.

ConnectWise PSA 2025.9 Security Fix

Wed, 09 Jul 2025 04:00:00 Z

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Please see the bulletin for more information.

ConnectWise ScreenConnect 23.8 Security Fix

Sun, 19 Nov 2023 16:00:00 Z

ConnectWise ScreenConnect, ConnectWise Automate (cloud instances only where ScreenConnect is installed)

ConnectWise Security Bulletin - ConnectWise Control Phishing Issue

Wed, 01 Jul 2020 16:00:00 Z

Several reports have been received that a number of partners have received phishing emails purporting to take the partner to a fake Control login page and asking for credentials.

ConnectWise Security: Public Service Announcement

Fri, 30 Oct 2020 16:00:00 Z

ScreenConnect 25.2.4 Security Patch

Thu, 24 Apr 2025 04:00:00 Z

ScreenConnect versions 25.2.3 and earlier are impacted. Please see the following bulletin for more information.