ConnectWise fixes RCE bug exposing thousands of servers to attacks


In order to address a serious vulnerability in the secure backup solutions for ConnectWise Recover and R1Soft Server Backup Manager (SBM), ConnectWise has published security upgrades. According to Connectwise, this vulnerability has a critical severity and could allow attackers to remotely access sensitive information or run code.

The security risk is caused by an injection weakness referred to by the business as “Improper Neutralization of Special Elements in Output Used by a Downstream Component” in an advisory released today. Read More…