Code42 server versions 7.0.4 Improper Privilege Management Vulnerability

Summary

A vulnerability has been identified that could allow an attacker to escalate privilege and execute arbitrary code on an on-premises Code42 server.

Credit:

The information has been provided by Hung Tien Thanh.

The original article can be found at: https://code42.com/r/support/CVE-2020-12736


Details

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.
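
The injection class described above, as an added example that is not Code42's code: Python's `string.Template` stands in for the server's template engine, which this advisory does not name, and the context values, function names and marker pattern are constructed for illustration. It contrasts splicing the administrator's subject into template source with passing it as a value.

```python
import re
from string import Template

# Constructed values the mail service makes available to its own templates.
CONTEXT = {
    "username": "alice",
    "invite_url": "https://server.example/invite/abc123",
    "smtp_password": "constructed-secret",  # never meant to reach an email
}
BODY = "Hello $username, accept your invitation at $invite_url"

# Hypothetical marker list covering common template syntaxes, for alerting only.
TEMPLATE_MARKERS = re.compile(r"\$\{|\$[A-Za-z_]|\{\{|\{%|<%|#\{")


def render_vulnerable(admin_subject: str) -> str:
    """Flawed pattern: the subject becomes part of the template source."""
    source = "Subject: " + admin_subject + "\n\n" + BODY
    return Template(source).substitute(CONTEXT)


def looks_like_template(admin_subject: str) -> bool:
    """Detection hook: flag subjects carrying template syntax for review."""
    return bool(TEMPLATE_MARKERS.search(admin_subject))


def validate_subject(admin_subject: str) -> str:
    """Reject header-breaking characters and oversized subjects."""
    if "\r" in admin_subject or "\n" in admin_subject:
        raise ValueError("line breaks are not allowed in a subject")
    if len(admin_subject) > 200:
        raise ValueError("subject too long")
    return admin_subject


def render_hardened(admin_subject: str) -> str:
    """Fixed template source; the subject is only ever a substituted value."""
    subject = validate_subject(admin_subject)
    source = "Subject: $subject\n\n" + BODY
    # substitute() is single pass, so placeholders inside the value stay literal.
    return Template(source).substitute(CONTEXT, subject=subject)


if __name__ == "__main__":
    probe = "Welcome $smtp_password"  # constructed input
    print(render_vulnerable(probe).splitlines()[0])
    print(render_hardened(probe).splitlines()[0])
    print(looks_like_template(probe))
```

The same separation applies to any engine: the editable field is bound as a variable of a fixed template and is never compiled as template source.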

 

Vulnerable Systems:

Code42 on-premises server versions 7.0.4 and earlier

 

CVE Information:

CVE-2020-12736

 

Disclosure Timeline:
Published Date: 7/7/2020
