CVE-2019-15131

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could...

CVE-2019-15131

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could...

CVE-2019-11551

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...

CVE-2019-11551

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...

Cross site request forgery (csrf)

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write...

CVE-2019-11551

CVE-2019-11551 — Code42 Enterprise / CrashPlan for Small Business (Client ≤ 6.9.1) : An attacker with local access can craft a restore request via the Code42 app to write a file to a location they should not be able to write. Root cause: insufficient validation of the restore target path in the c...

CVE-2019-11553

In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user coul...

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

CVE-2019-11552

Code42 Enterprise and CrashPlan for Small Business Client versions 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 are affected by an eval injection vulnerability. A proxy auto-configuration (PAC) file, crafted by a user with lower privileges, may be used to execute arbitrary code with t...

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

Code42 for Enterprise for Linux Insecure Privilege Unauthorized Access Vulnerability

Code42 for Enterprise for Linux is an enterprise-class data protection system based on the Linux platform from Code42 Software. The system is capable of detecting insider threats and preventing data leakage and loss. A security vulnerability exists in versions of Code42 for Enterprise prior to...