-
EDR / MDRIdentify, contain, respond, and stop malicious activity on endpoints
-
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
-
Risk Assessment & Vulnerability ManagementIdentify unknown cyber risks and routinely scan for vulnerabilities
-
Identity ManagementSecure and streamline client access to devices and applications with strong authentication and SSO
-
Cloud App SecurityMonitor and manage security risk for SaaS apps
-
SASEZero trust secure access for users, locations, and devices
-
SOC ServicesProvide 24/7 threat monitoring and response backed by ConnectWise SOC experts
-
Policy ManagementCreate, deploy, and manage client security policies and profiles
-
Incident Response ServiceOn-tap cyber experts to address critical security incidents
-
Cybersecurity GlossaryGuide to the most common, important terms in the industry
ConnectWise BCDR and R1Soft Server Backup Manager Critical Security Release
10/28/2022
Vulnerability
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component.
Severity
Critical – Vulnerabilities that could allow the ability to execute remote code or directly access confidential data.
Priority
1 – Vulnerabilities that are either being targeted or have a higher risk of being targeted by exploits in the wild. Recommend patching as soon as possible.
Affected versions
ConnectWise Recover: Recover v2.9.7 and earlier versions are impacted.
R1Soft: SBM v6.16.3 and earlier versions are impacted.
Remediation
ConnectWise Recover:
Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover (v2.9.9).
R1Soft:
Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki.
Please refer to the release notes for more information.
Additional information
Visit home.connectwise.com/securityBulletin/635bd34f6e80800001cdcfbe