CVE-2019-15131 (GCVE-0-2019-15131)

Vulnerability from cvelistv5 – Published: 2019-09-17 11:54 – Updated: 2024-08-05 00:34
VLAI?
Summary
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://code42.com/r/support/CVE-2019-15131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-17T11:55:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://code42.com/r/support/CVE-2019-15131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories",
              "refsource": "MISC",
              "url": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories"
            },
            {
              "name": "https://code42.com/r/support/CVE-2019-15131",
              "refsource": "CONFIRM",
              "url": "https://code42.com/r/support/CVE-2019-15131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15131",
    "datePublished": "2019-09-17T11:54:29.000Z",
    "dateReserved": "2019-08-17T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:34:53.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-15131",
      "date": "2026-04-25",
      "epss": "0.01132",
      "percentile": "0.78406"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*\", \"versionEndIncluding\": \"6.7.5\", \"matchCriteriaId\": \"26888583-9BF6-4EE3-8F59-C15CFBE371FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"6.8.4\", \"versionEndIncluding\": \"6.8.8\", \"matchCriteriaId\": \"DB0CE390-6BCB-4A0E-8257-AD6480F2ABFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:code42:code42:7.0.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"C6B27735-D667-4A90-9D71-EDF8F38EB9B9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.\"}, {\"lang\": \"es\", \"value\": \"En Code42 Enterprise versi\\u00f3n 6.7.5 y anteriores, versiones 6.8.4 hasta 6.8.8 y versi\\u00f3n 7.0.0, ha sido identificada una vulnerabilidad que puede permitir que archivos arbitrarios sean cargados y ejecutados en los servidores de Code42. Esta vulnerabilidad podr\\u00eda permitir a un atacante crear directorios y guardar archivos en servidores Code42, lo que podr\\u00eda conllevar potencialmente a la ejecuci\\u00f3n de c\\u00f3digo.\"}]",
      "id": "CVE-2019-15131",
      "lastModified": "2024-11-21T04:28:07.147",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-09-17T12:15:10.167",
      "references": "[{\"url\": \"https://code42.com/r/support/CVE-2019-15131\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://code42.com/r/support/CVE-2019-15131\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-15131\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-17T12:15:10.167\",\"lastModified\":\"2024-11-21T04:28:07.147\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.\"},{\"lang\":\"es\",\"value\":\"En Code42 Enterprise versi\u00f3n 6.7.5 y anteriores, versiones 6.8.4 hasta 6.8.8 y versi\u00f3n 7.0.0, ha sido identificada una vulnerabilidad que puede permitir que archivos arbitrarios sean cargados y ejecutados en los servidores de Code42. Esta vulnerabilidad podr\u00eda permitir a un atacante crear directorios y guardar archivos en servidores Code42, lo que podr\u00eda conllevar potencialmente a la ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*\",\"versionEndIncluding\":\"6.7.5\",\"matchCriteriaId\":\"26888583-9BF6-4EE3-8F59-C15CFBE371FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"6.8.4\",\"versionEndIncluding\":\"6.8.8\",\"matchCriteriaId\":\"DB0CE390-6BCB-4A0E-8257-AD6480F2ABFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:code42:code42:7.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C6B27735-D667-4A90-9D71-EDF8F38EB9B9\"}]}]}],\"references\":[{\"url\":\"https://code42.com/r/support/CVE-2019-15131\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://code42.com/r/support/CVE-2019-15131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.