Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for code42_for_enterprise by code42
FKIE_CVE-2019-11551
Vulnerability from fkie_nvd - Published: 2019-08-21 18:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| code42 | code42_for_enterprise | * | |
| code42 | crashplan_for_small_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "570E4E07-E139-4F42-88CB-2232D1C882EB",
"versionEndIncluding": "6.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C60223FE-7FA6-4D03-B4B1-78744E6C6857",
"versionEndIncluding": "6.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write."
},
{
"lang": "es",
"value": "En Code42 Enterprise y Crashplan for Small Business a trav\u00e9s de Client versi\u00f3n 6.9.1, un atacante puede elaborar una solicitud de restauraci\u00f3n para restaurar un archivo a trav\u00e9s de la aplicaci\u00f3n Code42 en una ubicaci\u00f3n que no tiene privilegios para escribir."
}
],
"id": "CVE-2019-11551",
"lastModified": "2024-11-21T04:21:19.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T18:15:13.197",
"references": [
{
"source": "cve@mitre.org",
"url": "https://code42.com/r/support/CVE-2019-11551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code42.com/r/support/CVE-2019-11551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11552
Vulnerability from fkie_nvd - Published: 2019-07-19 14:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bordplate.no/blog/en/post/crashplan-privilege-escalation/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://code42.com/r/support/CVE-2019-11552 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bordplate.no/blog/en/post/crashplan-privilege-escalation/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://code42.com/r/support/CVE-2019-11552 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| code42 | code42_for_enterprise | * | |
| code42 | code42_for_enterprise | * | |
| code42 | code42_for_enterprise | * | |
| code42 | crashplan_for_small_business | * | |
| code42 | crashplan_for_small_business | * | |
| code42 | crashplan_for_small_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E60B9E-F766-42C2-979C-A1432B1EEE6D",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8567BB9A-5F40-45BE-A105-3203190A2C18",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85A9B2FE-02C9-4E1A-8AB9-E60EB2DCC482",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969D004D-A8EA-4C09-913C-0D837C6645B7",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29E9F36F-3722-4C5A-BC81-3473396FE50A",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2A4C11-7783-4055-AC24-E100F49A0593",
"versionEndExcluding": "6.9.4",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user."
},
{
"lang": "es",
"value": "Code42 Enterprise y Crashplan for Small Business Client versiones 6.7 anteriores a 6.7.5, versiones 6.8 anteriores a 6.8.8 y versiones 6.9 anteriores a 6.9.4, permite una inyecci\u00f3n eval. Un archivo de autoconfiguraci\u00f3n de proxy, dise\u00f1ado por un usuario menos privilegiado, puede ser usado para ejecutar c\u00f3digo arbitrario con un privilegio superior al de un usuario de servicio."
}
],
"id": "CVE-2019-11552",
"lastModified": "2024-11-21T04:21:19.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-19T14:15:12.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://code42.com/r/support/CVE-2019-11552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://code42.com/r/support/CVE-2019-11552"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-11551 (GCVE-0-2019-11551)
Vulnerability from cvelistv5 – Published: 2019-08-21 17:47 – Updated: 2024-08-04 22:55
VLAI?
Summary
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2019-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code42.com/r/support/CVE-2019-11551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T16:08:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code42.com/r/support/CVE-2019-11551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code42.com/r/support/CVE-2019-11551",
"refsource": "CONFIRM",
"url": "https://code42.com/r/support/CVE-2019-11551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11551",
"datePublished": "2019-08-21T17:47:22.000Z",
"dateReserved": "2019-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11552 (GCVE-0-2019-11552)
Vulnerability from cvelistv5 – Published: 2019-07-19 13:51 – Updated: 2024-08-04 22:55
VLAI?
Summary
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code42.com/r/support/CVE-2019-11552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T16:00:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code42.com/r/support/CVE-2019-11552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/",
"refsource": "MISC",
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"name": "https://code42.com/r/support/CVE-2019-11552",
"refsource": "CONFIRM",
"url": "https://code42.com/r/support/CVE-2019-11552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11552",
"datePublished": "2019-07-19T13:51:23.000Z",
"dateReserved": "2019-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11551 (GCVE-0-2019-11551)
Vulnerability from nvd – Published: 2019-08-21 17:47 – Updated: 2024-08-04 22:55
VLAI?
Summary
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2019-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code42.com/r/support/CVE-2019-11551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T16:08:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code42.com/r/support/CVE-2019-11551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code42.com/r/support/CVE-2019-11551",
"refsource": "CONFIRM",
"url": "https://code42.com/r/support/CVE-2019-11551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11551",
"datePublished": "2019-08-21T17:47:22.000Z",
"dateReserved": "2019-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11552 (GCVE-0-2019-11552)
Vulnerability from nvd – Published: 2019-07-19 13:51 – Updated: 2024-08-04 22:55
VLAI?
Summary
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code42.com/r/support/CVE-2019-11552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T16:00:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code42.com/r/support/CVE-2019-11552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/",
"refsource": "MISC",
"url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation/"
},
{
"name": "https://code42.com/r/support/CVE-2019-11552",
"refsource": "CONFIRM",
"url": "https://code42.com/r/support/CVE-2019-11552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11552",
"datePublished": "2019-07-19T13:51:23.000Z",
"dateReserved": "2019-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}