Who is this article for?
Incydr Professional and Enterprise, yes.
Incydr Basic and Advanced, yes.
CrashPlan Cloud, yes.
Other product plans, yes.
CrashPlan for Small Business, no.
This article provides details about a security vulnerability on Code42 servers.
To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.
If you have questions or concerns, contact our Customer Champions for support.
A vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed.
- Code42 environments with on-premises authority or storage servers running the following versions:
  - 6.8.4 - 6.8.8
  - 6.7.5 and older
|Date published||September 16, 2019|
|Number of vulnerabilities||1|
|Products||Code42 for Enterprise|
|Affected product versions||Code42 server versions 6.7.5 and earlier, 6.8.4 - 6.8.8, and 7.0.0|
|Vulnerability type||Directory traversal|
|Affected components||Code42 authority and storage servers|
|Attack vectors||An attacker can access Code42 servers and upload files.|
|Description of the vulnerability||This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.|
|Vector string||AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C|
|Additional information||Thanks to An Trinh of Viettel Cyber Security for discovering this vulnerability.|