Vulnerabilities > Code42 > Code42 > 6.8.6

DATE CVE VULNERABILITY TITLE RISK
2022-01-20 CVE-2021-43269 Code Injection vulnerability in Code42
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution.
network
low complexity
code42 CWE-94
6.5
2020-07-07 CVE-2020-12736 Improper Privilege Management vulnerability in Code42
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution.
network
low complexity
code42 CWE-269
6.5
2019-11-19 CVE-2019-16861 Untrusted Search Path vulnerability in Code42
Code42 server through 7.0.2 for Windows has an Untrusted Search Path.
local
code42 CWE-426
6.9
2019-11-19 CVE-2019-16860 Untrusted Search Path vulnerability in Code42
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path.
local
code42 CWE-426
6.9
2019-09-17 CVE-2019-15131 Unrestricted Upload of File with Dangerous Type vulnerability in Code42
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed.
network
low complexity
code42 CWE-434
7.5