CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*

History

18 Apr 2022, 17:01

Type Values Removed Values Added
CWE CWE-434 CWE-94
References (CONFIRM) https://code42.com/r/support/CVE-2019-11552 - (CONFIRM) https://code42.com/r/support/CVE-2019-11552 - Vendor Advisory

Information

Published : 2019-07-19 14:15

Updated : 2024-02-04 20:20


NVD link : CVE-2019-11552

Mitre link : CVE-2019-11552

CVE.ORG link : CVE-2019-11552


JSON object : View

Products Affected

code42

  • code42_for_enterprise
  • crashplan_for_small_business
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')