Code42 server versions 7.0.4 Improper Privilege Management Vulnerability


A vulnerability has been identified that could allow an attacker to escalate privilege and execute arbitrary code on an on-premises Code42 server.


The information has been provided by Hung Tien Thanh

The original article can be found at:


Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.


Vulnerable Systems:

Code42 server versions 7.0.4


CVE Information:



Disclosure Timeline:
Published Date:7/7/2020

Categories: FeaturedNews