CVE-2020-12736
CVE-2020-12736 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. EPSS estimates a 2.03% chance of exploitation in the next 30 days.
Description
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Code42 | Code42 | <= 7.0.4 |
References
- https://code42.com/r/support/CVE-2020-12736 (Vendor Advisory)
- https://support.code42.com/Release_Notes (Release Notes, Vendor Advisory)
Source: NVD / NIST
