ID

VAR-202007-0245


CVE

CVE-2020-12736


TITLE

Code42 Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007825

DESCRIPTION

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection. Code42 contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Code42 Software On-premises Code42 server is a locally deployed version of the Code42 data protection server from Code42 Software in the United States. A remote attacker can use this vulnerability to execute code.

Trust: 2.16

sources: NVD: CVE-2020-12736 // JVNDB: JVNDB-2020-007825 // CNVD: CNVD-2021-17757

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-17757

AFFECTED PRODUCTS

vendor: code42, model: code42, scope: lte, version: 7.0.4

Trust: 1.0

vendor: code42, model: code42, scope: eq, version: 7.0.4

Trust: 0.8

vendor: code42, model: software on-premises code42 server, scope: lte, version: <=7.0.4

Trust: 0.6

sources: CNVD: CNVD-2021-17757 // JVNDB: JVNDB-2020-007825 // NVD: CVE-2020-12736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12736
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007825
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-17757
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-345
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-12736
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007825
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-17757
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12736
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007825
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-17757 // JVNDB: JVNDB-2020-007825 // CNNVD: CNNVD-202007-345 // NVD: CVE-2020-12736

PROBLEMTYPE DATA

problemtype: CWE-74

Trust: 1.0

problemtype: CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-007825 // NVD: CVE-2020-12736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-345

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007825

PATCH

title: Release notes, url: https://support.code42.com/Release_Notes

Trust: 0.8

title: Patch for Code42 Software On-premises Code42 server remote code execution vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/253001

Trust: 0.6

title: Code42 Software On-premises Code42 server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124317

Trust: 0.6

sources: CNVD: CNVD-2021-17757 // JVNDB: JVNDB-2020-007825 // CNNVD: CNNVD-202007-345

EXTERNAL IDS

db: NVD, id: CVE-2020-12736

Trust: 3.0

db: JVNDB, id: JVNDB-2020-007825

Trust: 0.8

db: CNVD, id: CNVD-2021-17757

Trust: 0.6

db: NSFOCUS, id: 48108

Trust: 0.6

db: CNNVD, id: CNNVD-202007-345

Trust: 0.6

sources: CNVD: CNVD-2021-17757 // JVNDB: JVNDB-2020-007825 // CNNVD: CNNVD-202007-345 // NVD: CVE-2020-12736

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-12736

Trust: 2.0

url: https://support.code42.com/release_notes

Trust: 1.6

url: https://code42.com/r/support/cve-2020-12736

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12736

Trust: 0.8

url: http://www.nsfocus.net/vulndb/48108

Trust: 0.6

sources: CNVD: CNVD-2021-17757 // JVNDB: JVNDB-2020-007825 // CNNVD: CNNVD-202007-345 // NVD: CVE-2020-12736

SOURCES

db: CNVD, id: CNVD-2021-17757
db: JVNDB, id: JVNDB-2020-007825
db: CNNVD, id: CNNVD-202007-345
db: NVD, id: CVE-2020-12736

LAST UPDATE DATE

2024-11-23T22:44:29.390000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-17757, date: 2021-03-16T00:00:00
db: JVNDB, id: JVNDB-2020-007825, date: 2020-08-27T00:00:00
db: CNNVD, id: CNNVD-202007-345, date: 2020-08-27T00:00:00
db: NVD, id: CVE-2020-12736, date: 2024-11-21T05:00:10.393

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-17757, date: 2020-03-16T00:00:00
db: JVNDB, id: JVNDB-2020-007825, date: 2020-08-27T00:00:00
db: CNNVD, id: CNNVD-202007-345, date: 2020-07-07T00:00:00
db: NVD, id: CVE-2020-12736, date: 2020-07-07T20:15:09.947