{"api_version":"1","generated_at":"2026-05-06T10:51:38+00:00","cve":"CVE-2019-15131","urls":{"html":"https://cve.report/CVE-2019-15131","api":"https://cve.report/api/cve/CVE-2019-15131.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-15131","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-15131"},"summary":{"title":"CVE-2019-15131","description":"In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-09-17 12:15:00","updated_at":"2019-09-17 15:04:00"},"problem_types":["CWE-434"],"metrics":[],"references":[{"url":"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories","name":"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories","refsource":"MISC","tags":["Vendor Advisory"],"title":"Code42 security advisories - Code42 Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://code42.com/r/support/CVE-2019-15131","name":"https://code42.com/r/support/CVE-2019-15131","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Arbitrary file creation on Code42 servers - Code42 Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-15131","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15131","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"15131","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"code42","cpe5":"code42","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"15131","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"code42","cpe5":"code42","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"15131","vulnerable":"1","versionEndIncluding":"6.7.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"code42","cpe5":"code42","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"15131","vulnerable":"1","versionEndIncluding":"6.8.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"code42","cpe5":"code42","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-15131","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories","refsource":"MISC","name":"https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories"},{"refsource":"CONFIRM","name":"https://code42.com/r/support/CVE-2019-15131","url":"https://code42.com/r/support/CVE-2019-15131"}]}},"nvd":{"publishedDate":"2019-09-17 12:15:00","lastModifiedDate":"2019-09-17 15:04:00","problem_types":["CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"6.7.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:code42:code42:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"6.8.4","versionEndIncluding":"6.8.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:code42:code42:7.0.0:*:*:*:enterprise:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"15131","Ordinal":"154493","Title":"CVE-2019-15131","CVE":"CVE-2019-15131","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"15131","Ordinal":"1","NoteData":"In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"15131","Ordinal":"2","NoteData":"2019-09-17","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"15131","Ordinal":"3","NoteData":"2019-09-17","Type":"Other","Title":"Modified"}]}}}