Code42 security advisories
This section provides advisories about security vulnerabilities in Code42 products. These security vulnerabilities have been entered in the Mitre Common Vulnerabilities and Exposures (CVE) list.
- About Code42 security advisories
- Arbitrary code execution on local Windows devices
- Arbitrary code execution on local Windows servers
- Arbitrary code execution via malicious Code42 agent proxy configuration
- Arbitrary file creation on Code42 servers
- Permissions vulnerability in Code42 agent on Linux
- Privilege Escalation in LoginToken API
- Remote code execution on Code42 servers
- Untrusted data is executed as System via a PAC file read by CrashPlanService.exe
- Users can restore files to locations they do not have write access to