Vulnerabilities > Code42 > Code42 > 4.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-20 | CVE-2021-43269 | Code Injection vulnerability in Code42 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. | 8.8 |
| 2020-07-07 | CVE-2020-12736 | Injection vulnerability in Code42 Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. | 7.2 |
| 2019-11-19 | CVE-2019-16861 | Untrusted Search Path vulnerability in Code42 Code42 server through 7.0.2 for Windows has an Untrusted Search Path. | 7.3 |
| 2019-11-19 | CVE-2019-16860 | Untrusted Search Path vulnerability in Code42 Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. | 7.3 |
| 2019-09-17 | CVE-2019-15131 | Unrestricted Upload of File with Dangerous Type vulnerability in Code42 In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. | 9.8 |
| 2019-07-19 | CVE-2019-11553 | Improper Privilege Management vulnerability in Code42 In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. | 8.8 |
| 2019-01-03 | CVE-2018-20131 | Incorrect Permission Assignment for Critical Resource vulnerability in Code42 The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. | 7.8 |