Overview
- Description
- In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-434
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26888583-9BF6-4EE3-8F59-C15CFBE371FF",
"versionEndIncluding": "6.7.5"
},
{
"criteria": "cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB0CE390-6BCB-4A0E-8257-AD6480F2ABFE",
"versionEndIncluding": "6.8.8",
"versionStartIncluding": "6.8.4"
},
{
"criteria": "cpe:2.3:a:code42:code42:7.0.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6B27735-D667-4A90-9D71-EDF8F38EB9B9"
}
],
"operator": "OR"
}
]
}
]