CVE Daily

CVE-2020-8289

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 ...

High CVSS 7.8

Overview

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.

CWE: CWE-295 Published: 2020-12-27T02:15:14.480
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.8 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags