Code42
CVE-2020-12736
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.
AnalysisAI
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection. Affected products include: Code42.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allo
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage u
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. Rated high severity (CVSS 7.3), this vulnerability
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. Rated high severity (CVSS 7.3), this vulnerab
Share
External POC / Exploit Code
Leaving vuln.today