52 matches found

CVE
added 2022/01/13 9:44 p.m., 46 views

CVE-2021-34996

CVE-2021-34996 affects Commvault CommCell 11.22.22, with a flaw in Demo_ExecuteProcessOnGroup that lets an attacker create a workflow to execute arbitrary commands as SYSTEM. Authentication bypass is possible; CVSS 3.1/8.8 (HIGH). Red Hat and CNVD note impact on versions prior to 11.25; upgrade t...

CVSS 9, AI score 9, EPSS 0.20456
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/01/13 9:44 p.m., 20 views

CVE-2021-34996

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8, AI score 9.2, EPSS 0.20456
Exploits: 0, References: 1

CVE
added 2022/01/13 9:44 p.m., 45 views

CVE-2021-34995

CVE-2021-34995 affects Commvault CommCell 11.22.22 via the DownloadCenterUploadHandler, where unsafely validated user-supplied data allows arbitrary file uploads and, in the NETWORK SERVICE context, code execution. The issue can be exploited with network access and low complexity; CVSS v3.1/3.0 s...

CVSS 8.8, AI score 9, EPSS 0.03059
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/01/13 9:44 p.m., 16 views

CVE-2021-34995

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8, AI score 9.2, EPSS 0.03059
Exploits: 0, References: 1

CVE
added 2022/01/13 9:44 p.m., 49 views

CVE-2021-34994

CVE-2021-34994 affects Commvault CommCell 11.22.22. The vulnerability resides in the DataProvider class, caused by lack of validation of a user-supplied string before executing it as JavaScript, allowing an attacker to escape the JavaScript sandbox and execute Java code in the NETWORK SERVICE con...

CVSS 8.8, AI score 9, EPSS 0.00504
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/01/13 9:44 p.m., 16 views

CVE-2021-34994

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...

CVSS 8.8, AI score 9.2, EPSS 0.00504
Exploits: 0, References: 1

CVE
added 2022/01/13 9:44 p.m., 54 views

CVE-2021-34993

CVE-2021-34993 is an authentication-bypass vulnerability in Commvault CommCell’s CVSearchService. Remote attackers can bypass authentication on affected installations (e.g., CommCell 11.22.22) due to lack of proper validation prior to authentication. Multiple sources (NVD description referencing ...

CVSS 9.8, AI score 9.6, EPSS 0.00824
In wild, Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/01/13 9:44 p.m., 17 views

CVE-2021-34993

This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper...

CVSS 9.8, AI score 9.8, EPSS 0.00824
Exploits: 0, References: 1

BDU FSTEC
added 2022/01/12 12:0 a.m., 0 views

The vulnerability of the Demo_ExecuteProcessOnGroup process in the CommCell storage management software allows a hacker to execute arbitrary code.

The vulnerability of the DemoExecuteProcessOnGroup process in the CommCell storage management software is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request remotely...

CVSS 9, EPSS 0.20456
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2022/01/04 12:0 a.m., 0 views

The vulnerability of the CVSearchService service of the CommCell storage management software allows a perpetrator to bypass authentication procedures or gain unauthorized access to the device.

The vulnerability of the CVSearchService service, a management tool for the CommCell storage system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication process or gain unauthorized acces...

CVSS 10, EPSS 0.00824
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2021/12/17 12:0 a.m., 1 views

The vulnerability of the AppStudioUploadHandler class in the CommCell storage management software allows a hacker to execute arbitrary code in the context of NETWORK SERVICE.

The vulnerability of the AppStudioUploadHandler class in the CommCell storage management software is related to the lack of restrictions on file uploads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of NETWORK SERVICE remotely...

CVSS 9, EPSS 0.02106
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2021/12/17 12:0 a.m., 0 views

The vulnerability of the CommCell storage management software lies in its flawed code generation mechanism, which allows an attacker to execute arbitrary code.

The vulnerability of the CommCell storage management software is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request remotely...

CVSS 9, EPSS 0.00504
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2021/11/23 12:0 a.m., 20 views

Commvault CommCell Authentication Bypass Vulnerability

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. An authentication bypass vulnerability exists in the CVSearchService service in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker to bypass...

CVSS 9.8, AI score 5, EPSS 0.00824
Exploits: 0, References: 1

CNVD
added 2021/11/23 12:0 a.m., 21 views

Commvault CommCell Remote Code Execution Vulnerability

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. A remote code execution vulnerability exists in the DemoExecuteProcessOnGroup workflow in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker t...

CVSS 9, AI score 6.7, EPSS 0.20456
Exploits: 0, References: 1

CNVD
added 2021/11/23 12:0 a.m., 16 views

Commvault CommCell Remote Code Execution Vulnerability (CNVD-2021-101451)

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. A remote code execution vulnerability exists in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker to execute code in the context of NETWORK...

CVSS 8.8, AI score 5.7, EPSS 0.00504
Exploits: 0, References: 1

CNVD
added 2021/11/23 12:0 a.m., 15 views

Commvault CommCell Arbitrary File Upload Vulnerability (CNVD-2021-101452)

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. An arbitrary file upload vulnerability exists in the DownloadCenterUploadHandler class in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker t...

CVSS 8.8, AI score 4.5, EPSS 0.03059
Exploits: 0, References: 1

CNVD
added 2021/11/23 12:0 a.m., 17 views

Commvault CommCell Arbitrary File Upload Vulnerability

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. An arbitrary file upload vulnerability exists in the AppStudioUploadHandler class in versions of Commvault CommCell prior to 11.25, which stems from a lack of proper validation o...

CVSS 8.8, AI score 3.7, EPSS 0.02106
Exploits: 0, References: 1

CNNVD
added 2021/11/22 12:0 a.m., 2 views

Commvault CommCell Code Issue Vulnerability

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. An arbitrary file upload vulnerability exists in the AppStudioUploadHandler class in versions of Commvault CommCell prior to 11.25, which stems from a lack of proper validation o...

CVSS 8.8, AI score 6, EPSS 0.02106
Exploits: 0, References: 4

CNNVD
added 2021/11/22 12:0 a.m., 3 views

Commvault CommCell Security Vulnerability

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data. A remote code execution vulnerability exists in the DemoExecuteProcessOnGroup workflow in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker t...

CVSS 9, AI score 7, EPSS 0.20456
Exploits: 0, References: 4

Zero Day Initiative
added 2021/11/22 12:0 a.m., 31 views

Commvault CommCell AppStudioUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandle...

CVSS 8.8, AI score 9, EPSS 0.02106
Exploits: 0