Who is this article for?
CrashPlan for Enterprise, yes.
Code42 for Enterprise, yes.
CrashPlan for Small Business, no.
This article provides details about a security vulnerability on Code42 servers.
To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.
If you have questions or concerns, contact our Customer Champions for support.
A vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed.
- Code42 environments with on-premises authority or storage servers running the following versions:
  - 6.8.4 - 6.8.8
  - 6.7.5 and older
|Date published||September 16, 2019|
|Number of vulnerabilities||1|
|Products||Code42 for Enterprise|
|Affected product versions||Code42 server versions 6.7.5 and earlier, 6.8.4 - 6.8.8, and 7.0.0|
|Vulnerability type||Directory traversal|
|Affected components||Code42 authority and storage servers|
|Attack vectors||An attacker can access Code42 servers and upload files.|
|Description of the vulnerability||This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.|
|Vector string||AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C|
|Additional information||Thanks to An Trinh of Viettel Cyber Security for discovering this vulnerability.|
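The following added example (not Code42 tooling and not part of the original advisory) triages a server inventory against the affected versions listed above. It uses the summary table's version set, which adds 7.0.0 to the bulleted ranges. The host names, role labels and inventory layout are assumptions made for illustration.

```python
import re

# Affected Code42 server versions as listed on this page. The summary table
# adds 7.0.0 to the ranges in the bullet list, so the wider set is used.
AFFECTED_RANGES = [
    (None, (6, 7, 5)),        # 6.7.5 and older
    ((6, 8, 4), (6, 8, 8)),   # 6.8.4 - 6.8.8
    ((7, 0, 0), (7, 0, 0)),   # 7.0.0
]
# The advisory scopes the issue to on-premises authority and storage servers.
# These role labels are hypothetical inventory values, not product terms.
IN_SCOPE_ROLES = {"authority", "storage"}

def parse_version(text):
    """Return (major, minor, patch); a trailing build suffix is ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.\-+_ ].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True if the version falls inside any range listed in the advisory."""
    v = parse_version(version)
    return any((lo is None or lo <= v) and v <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map host -> 'affected', 'not listed', 'out of scope' or 'review'."""
    result = {}
    for host, role, version in inventory:
        if role not in IN_SCOPE_ROLES:
            result[host] = "out of scope"
            continue
        try:
            result[host] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[host] = "review"  # incomplete version: check by hand
    return result

# Constructed sample inventory: every host, role and version here is made up.
SAMPLE_INVENTORY = [
    ("auth01.example.internal", "authority", "6.8.6"),
    ("store01.example.internal", "storage", "6.7.5"),
    ("store02.example.internal", "storage", "6.8.3"),
    ("store03.example.internal", "storage", "7.0.0"),
    ("store04.example.internal", "storage", "6.8"),
    ("laptop17.example.internal", "endpoint", "6.8.6"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {status}")
```

A version that cannot be parsed to three components is reported as `review` rather than guessed, so an incomplete inventory entry never reads as safe.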