ON-PREMISES RELEASE NOTIFICATION: Security vulnerability resolution

    Posted 06-04-2020 09:12

    Announcing Version 7.0.5 Maintenance Update

    Highlights of this update include: 

    • Resolution for a security vulnerability

    Security Vulnerability Details

    • Code42 server version 7.0.5 corrects a vulnerability that potentially allows remote code execution on the server by an authenticated user.
    • The Common Vulnerability Scoring System (CVSS) score for the vulnerability is 8.0. 
    • We are not currently aware of any attempts to actively exploit this vulnerability.
    • Customers with their own on-premises authority server require an upgrade to version 7.0.5.
    • Code42 cloud customers have already been remediated, so no action is required on their part. 
    • Reserved Common Vulnerability and Exposure (CVE) ID: CVE-2020-12736.

    In line with our standard CVE process, we will be publishing full details of this CVE in approximately 30 days. To receive the CVE details as soon as they are available, please subscribe to our security vulnerability notifications.

    On-Premises Authority Server Customers: Upgrade to Version 7.0.5

    We recommend that you upgrade your on-premises server software to version 7.0.5 to remediate this vulnerability. If you are a Managed Private Cloud customer, please contact our Code42 Customer Champions to request an upgrade.

    Support and Policy Reminders

    Per our Code42 version policy, Code42 enforces a minimum software version for customers. Please see the "Identify your Code42 environment type and version" support article for help determining your environment type and version.