code42 code42 for enterprise vulnerabilities and exploits

(subscribe to this query)

2.1

CVSSv2

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.

Code42 Crashplan For Small Business Code42 Code42 For Enterprise

4.4

CVSSv2

Code42 Enterprise and Crashplan for Small Business Client version 6.7 prior to 6.7.5, 6.8 prior to 6.8.8, and 6.9 prior to 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privileg...

Code42 Code42 For Enterprise Code42 Crashplan For Small Business

6.5

CVSSv2

In Code42 app prior to 8.8.0, eval injection allows an malicious user to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPl...

Code42 Code42

4.6

CVSSv2

The Code42 app prior to 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a ...

Code42 Code42

6.5

CVSSv2

In Code42 for Enterprise up to and including 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with per...

Code42 Code42

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook