Vulnerabilities > Code42 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-20 | CVE-2021-43269 | Code Injection vulnerability in Code42 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. | 6.5 |
| 2020-07-07 | CVE-2020-12736 | Improper Privilege Management vulnerability in Code42 Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. | 6.5 |
| 2019-11-19 | CVE-2019-16861 | Untrusted Search Path vulnerability in Code42 Code42 server through 7.0.2 for Windows has an Untrusted Search Path. | 6.9 |
| 2019-11-19 | CVE-2019-16860 | Untrusted Search Path vulnerability in Code42 Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. | 6.9 |
| 2019-07-19 | CVE-2019-11553 | Improper Privilege Management vulnerability in Code42 In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. | 6.5 |
| 2019-07-19 | CVE-2019-11552 | Code Injection vulnerability in Code42 products Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. | 4.4 |
| 2019-01-03 | CVE-2018-20131 | Incorrect Permission Assignment for Critical Resource vulnerability in Code42 The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. | 4.6 |