CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:code42_for_enterprise:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*
cpe:2.3:a:code42:crashplan_for_small_business:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-07-19 14:15

Updated : 2024-02-28 17:08


NVD link : CVE-2019-11552

Mitre link : CVE-2019-11552

CVE.ORG link : CVE-2019-11552


JSON object : View

Products Affected

code42

  • crashplan_for_small_business
  • code42_for_enterprise
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')