CVE-2021-32582

HIGH

ConnectWise Automate < 2021.5 - SQL Injection via Monitor Status Response

Title source: llm
STIX 2.1

Description

An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.

References (3)

Core 3
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369

Scores

CVSS v3 7.5
EPSS 0.0113
EPSS Percentile 62.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
connectwise/connectwise_automate < 2021.5
Published Jun 17, 2021
Tracked Since Feb 18, 2026