Crashplan

by Code42

CVEs (3)

  • CVE-2017-9830 | Cri | Jun 27, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.

  • CVE-2021-43269 | Jan 20, 2022
    risk 0.00 | cvss | epss 0.01

    In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for…

  • CVE-2018-20131 | Jan 3, 2019
    risk 0.00 | cvss | epss 0.00

    The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a…