Code42 Security Vulnerabilities and Issues — Code42 CVE List

Lucene search

Code42Code42

7 matches found

CVE•added 2019/07/19 5:15 p.m.•132 views

CVE-2019-11553

In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could ...

8.8CVSS8.4AI score0.00226EPSS

CVE•added 2022/01/20 2:15 a.m.•62 views

CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Pr...

8.8CVSS8.9AI score0.00774EPSS

CVE•added 2019/11/19 1:15 p.m.•41 views

CVE-2019-16861

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated...

7.3CVSS7.5AI score0.00051EPSS

CVE•added 2019/11/19 1:15 p.m.•40 views

CVE-2019-16860

Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an el...

7.3CVSS7.5AI score0.00048EPSS

CVE•added 2020/07/07 8:15 p.m.•38 views

CVE-2020-12736

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...

7.2CVSS7.3AI score0.03111EPSS

CVE•added 2019/09/17 12:15 p.m.•34 views

CVE-2019-15131

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could pot...

9.8CVSS9.4AI score0.01132EPSS

CVE•added 2019/01/03 1:29 a.m.•25 views

CVE-2018-20131

The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would no...

7.8CVSS7.5AI score0.00041EPSS