CVE-2024-13975
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...
CVE-2024-13976
A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated...
CVE-2024-13976 Commvault 11.20.0 - 11.36.0 Windows Maintenance Installer DLL Injection
A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated...
CVE-2024-13976
CVE-2024-13976 is a DLL injection vulnerability in Commvault for Windows during maintenance installer updates. Affected products/versions: Windows installations of Commvault 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. The root cause is an uncontrolled search path or DLL loading behavior that...
CVE-2024-13975 Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...
CVE-2024-13975
CVE-2024-13975 concerns Commvault for Windows, affecting versions 11.20.0–11.36.0. The issue is a local privilege escalation where a local attacker who has a client system with the File Server Agent installed can compromise assigned Windows access nodes, potentially enabling unauthorized access o...
CVE-2025-34136
The CVE-2025-34136 entry affects Commvault's Web Server component on systems where CommServe and Web Server roles are installed. A SQL injection vulnerability exists in the Web Server, with affected versions: 11.32.0–11.32.93, 11.36.0–11.36.51, and 11.38.0–11.38.19. An unauthenticated remote atta...
CVE-2025-34136 Commvault CommServe Web Server Unauthenticated SQL Injection
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...
Commvault Security Vulnerability
Commvault is a data backup and recovery software from Commvault Corporation in the United States. A security vulnerability exists in Commvault versions 11.32.0 through 11.32.93, 11.36.0 through 11.36.51, and 11.38.0 through 11.38.19, which originates from a SQL injection vulnerability in the Web...
Commvault for Windows Security Vulnerability
Commvault for Windows is data backup and recovery software from Commvault, Inc. A security vulnerability exists in Commvault for Windows that originates from a DLL injection and could lead to arbitrary code execution. The following versions are affected: version 11.20.0, version 11.28.0, version...
Commvault for Windows Security Vulnerability
Commvault for Windows is data backup and recovery software from Commvault Inc. in the United States. A security vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0, which stems from an elevation of privilege that could lead to unauthorized access...
PT-2025-30892 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions 11.32.0 through 11.32.93; Commvault versions 11.36.0 through 11.36.51; Commvault versions 11.38.0 through 11.38.19. Description: An SQL injection vulnerability exists in the Web Server component that could allow a remote,...
PT-2025-30886 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions 11.20.0 through 11.20.0; Commvault versions 11.28.0 through 11.28.0; Commvault versions 11.32.0 through 11.32.0; Commvault versions 11.34.0 through 11.34.0; Commvault versions 11.36.0 through 11.36.0. Description: A DLL injectio...
PT-2025-30885 · Commvault · Commvault
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This ma...
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's Metallic Microsoft 365...
CVE-2021-34996
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2021-34997
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...