Vulnerabilities > Code42
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-20 | CVE-2021-43269 | Code Injection vulnerability in Code42 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. | 8.8 |
| 2020-07-07 | CVE-2020-12736 | Injection vulnerability in Code42 Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. | 7.2 |
| 2019-11-19 | CVE-2019-16861 | Untrusted Search Path vulnerability in Code42 Code42 server through 7.0.2 for Windows has an Untrusted Search Path. | 7.3 |
| 2019-11-19 | CVE-2019-16860 | Untrusted Search Path vulnerability in Code42 Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. | 7.3 |
| 2019-09-17 | CVE-2019-15131 | Unrestricted Upload of File with Dangerous Type vulnerability in Code42 In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. | 9.8 |
| 2019-08-21 | CVE-2019-11551 | Improper Privilege Management vulnerability in Code42 products In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write. | 5.5 |
| 2019-07-19 | CVE-2019-11553 | Improper Privilege Management vulnerability in Code42 In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. | 8.8 |
| 2019-07-19 | CVE-2019-11552 | Code Injection vulnerability in Code42 products Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. | 7.0 |
| 2019-01-03 | CVE-2018-20131 | Incorrect Permission Assignment for Critical Resource vulnerability in Code42 The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. | 7.8 |
| 2017-06-27 | CVE-2017-9830 | Deserialization of Untrusted Data vulnerability in Code42 Crashplan 5.4 Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients. | 9.8 |