Arbitrary File Upload and Execution Vulnerability in Code42 Enterprise

Arbitrary File Upload and Execution Vulnerability in Code42 Enterprise

CVE-2019-15131 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.

Learn more about our Cis Benchmark Audit For Server Software.