207 matches found
Exploit for Missing Authentication for Critical Function in Commvault
CVE-2025-34028 A Commvault Pre-Authenticated Remote Code Execu...
PT-2025-17556
Name of the Vulnerable Software and Affected Versions Commvault Command Center Innovation Release versions 11.38.0 through 11.38.19 Description A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded b...
Commvault Critical Webserver Vulnerability (CV_2025_03_1)
A critical webserver vulnerability exists in Commvault. A remote attacker can exploit this to execute arbitrary commands. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc...
VulnCheck KEV: CVE-2025-3928
Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells...
PT-2025-17932 · Commvault · Commvault Web Server
Name of the Vulnerable Software and Affected Versions: Commvault Web Server versions prior to 11.20.217 Commvault Web Server versions prior to 11.28.141 Commvault Web Server versions prior to 11.32.89 Commvault Web Server versions prior to 11.36.46 Description: The Commvault Web Server has an...
VulnCheck KEV: CVE-2021-34993
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper...
CVE-2021-34997
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34996
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34995
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34995
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34996
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34993
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper...
CVE-2021-34994
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...
CVE-2021-34994
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Authentication flaw
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper...
CVE-2021-34997
CVE-2021-34997 affects Commvault CommCell 11.22.22 (vulnerable versions include 11.22.x; fixed in 11.25+ per CNVD). Root cause: AppStudioUploadHandler validates user-supplied data inadequately, allowing arbitrary file uploads. This leads to remote code execution in the NETWORK SERVICE context. Ex...
CVE-2021-34997
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34996
CVE-2021-34996 affects Commvault CommCell 11.22.22, with a flaw in Demo_ExecuteProcessOnGroup that lets an attacker create a workflow to execute arbitrary commands as SYSTEM. Authentication bypass is possible; CVSS 3.1/8.8 (HIGH). Red Hat and CNVD note impact on versions prior to 11.25; upgrade t...