RSS   Vulnerabilities for 'Code42'   RSS

2019-09-17
 
CVE-2019-15131

CWE-434
 

 
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.

 
2019-07-19
 
CVE-2019-11553

CWE-284
 

 
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves.

 
2019-01-02
 
CVE-2018-20131

CWE-732
 

 
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.

 

 >>> Vendor: Code42 4 Products
Crashplan
Code42
Code42 for enterprise
Crashplan for small business


Copyright 2019, cxsecurity.com

 

Back to Top