Vulnerabilities > Code42 > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-20 CVE-2021-43269 Code Injection vulnerability in Code42
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution.
network
low complexity
code42 CWE-94
8.8
2020-07-07 CVE-2020-12736 Injection vulnerability in Code42
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution.
network
low complexity
code42 CWE-74
7.2
2019-11-19 CVE-2019-16861 Untrusted Search Path vulnerability in Code42
Code42 server through 7.0.2 for Windows has an Untrusted Search Path.
local
low complexity
code42 CWE-426
7.3
2019-11-19 CVE-2019-16860 Untrusted Search Path vulnerability in Code42
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path.
local
low complexity
code42 CWE-426
7.3
2019-07-19 CVE-2019-11553 Improper Privilege Management vulnerability in Code42
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission.
network
low complexity
code42 CWE-269
8.8
2019-07-19 CVE-2019-11552 Code Injection vulnerability in Code42 products
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection.
local
high complexity
code42 CWE-94
7.0
2019-01-03 CVE-2018-20131 Incorrect Permission Assignment for Critical Resource vulnerability in Code42
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory.
local
low complexity
code42 CWE-732
7.8