Vulmon
code42 code42 vulnerabilities and exploits
7.5
CVSSv2
CVE-2019-15131
In Code42 Enterprise 6.7.5 and previous versions, 6.8.4 up to and including 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow a malicious user to create directories an...
Code42 Code42
Code42 Code42 7.0.0
4.6
CVSSv2
CVE-2018-20131
The Code42 app prior to 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a ...
Code42 Code42
6.5
CVSSv2
CVE-2019-11553
In Code42 for Enterprise up to and including 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with per...
Code42 Code42
6.9
CVSSv2
CVE-2019-16860
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbi...
Code42 Code42
6.5
CVSSv2
CVE-2020-12736
Code42 environments with on-premises server versions 7.0.4 and previous versions allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitatio...
Code42 Code42
6.9
CVSSv2
CVE-2019-16861
Code42 server up to and including 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execut...
Code42 Code42
6.5
CVSSv2
CVE-2021-43269
In Code42 app prior to 8.8.0, eval injection allows a malicious user to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPl...
Code42 Code42
4.4
CVSSv2
CVE-2019-11552
Code42 Enterprise and Crashplan for Small Business Client version 6.7 prior to 6.7.5, 6.8 prior to 6.8.8, and 6.9 prior to 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privileg...
Code42 Code42 For Enterprise
Code42 Crashplan For Small Business
2.1
CVSSv2
CVE-2019-11551
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
Code42 Crashplan For Small Business
Code42 Code42 For Enterprise
7.5
CVSSv2
CVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
Code42 Crashplan 5.4