Vulnerability Details CVE-2019-11552
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.8%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 4.4
References
Products affected by CVE-2019-11552
-
cpe:2.3:a:code42:code42_for_enterprise:6.7
-
cpe:2.3:a:code42:code42_for_enterprise:6.8
-
cpe:2.3:a:code42:code42_for_enterprise:6.9.0
-
cpe:2.3:a:code42:code42_for_enterprise:6.9.1
-
cpe:2.3:a:code42:crashplan_for_small_business:6.7
-
cpe:2.3:a:code42:crashplan_for_small_business:6.8
-
cpe:2.3:a:code42:crashplan_for_small_business:6.9.0
-
cpe:2.3:a:code42:crashplan_for_small_business:6.9.1