CVE-2019-11552

HIGH

Code42 Enterprise <6.7.5, 6.8 <6.8.8, 6.9 <6.9.4 - Code Injection

Title source: llm
STIX 2.1

Description

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://bordplate.no/blog/en/post/crashplan-privilege-escalation/
Vendor Advisory x_refsource_confirm
https://code42.com/r/support/CVE-2019-11552

Scores

CVSS v3 7.0
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
code42/code42_for_enterprise 6.7 - 6.7.5
code42/crashplan_for_small_business 6.7 - 6.7.5
Published Jul 19, 2019
Tracked Since Feb 18, 2026