Vulnerability Details : CVE-2019-15131
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.
Products affected by CVE-2019-15131
Exploit prediction scoring system (EPSS) score for CVE-2019-15131
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15131
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-15131
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15131
-
https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories
Code42 security advisories - Code42 SupportVendor Advisory
-
https://code42.com/r/support/CVE-2019-15131
Arbitrary file creation on Code42 servers - Code42 SupportVendor Advisory
Jump to