PT-2019-14004 · Code42 · Code42 Enterprise
Published
2019-09-17
·
Updated
2019-09-17
·
CVE-2019-15131
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Code42 Enterprise versions 6.7.5 and earlier
Code42 Enterprise versions 6.8.4 through 6.8.8
Code42 Enterprise version 7.0.0
Description
A vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed, potentially leading to code execution. This issue could enable an attacker to create directories and save files on Code42 servers.
Recommendations
For Code42 Enterprise versions 6.7.5 and earlier, update to a version later than 6.7.5 to resolve the issue.
For Code42 Enterprise versions 6.8.4 through 6.8.8, update to a version later than 6.8.8 to resolve the issue.
For Code42 Enterprise version 7.0.0, update to a version later than 7.0.0 to resolve the issue.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Code42 Enterprise