Lucene search
K
CommvaultCommcell

6 matches found

CVE
CVE
added 2022/01/13 9:44 p.m.64 views

CVE-2021-34997

CVE-2021-34997 affects Commvault CommCell 11.22.22 (vulnerable versions include 11.22.x; fixed in 11.25+ per CNVD). Root cause: AppStudioUploadHandler validates user-supplied data inadequately, allowing arbitrary file uploads. This leads to remote code execution in the NETWORK SERVICE context. Ex...

8.8CVSS9AI score0.04248EPSS
CVE
CVE
added 2020/10/29 4:8 p.m.61 views

CVE-2020-25780

CVE-2020-25780 affects Commvault CommCell before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13. It is a local file inclusion/directory traversal vulnerability where an attacker can view a log-file request and access files outside the log-files folder. The N...

7.5CVSS7.4AI score0.09884EPSS
CVE
CVE
added 2022/01/13 9:44 p.m.61 views

CVE-2021-34993

CVE-2021-34993 is an authentication-bypass vulnerability in Commvault CommCell’s CVSearchService. Remote attackers can bypass authentication on affected installations (e.g., CommCell 11.22.22) due to lack of proper validation prior to authentication. Multiple sources (NVD description referencing ...

9.8CVSS9.6AI score0.05424EPSS
In wild
CVE
CVE
added 2022/01/13 9:44 p.m.54 views

CVE-2021-34994

CVE-2021-34994 affects Commvault CommCell 11.22.22. The vulnerability resides in the DataProvider class, caused by lack of validation of a user-supplied string before executing it as JavaScript, allowing an attacker to escape the JavaScript sandbox and execute Java code in the NETWORK SERVICE con...

8.8CVSS9AI score0.05789EPSS
CVE
CVE
added 2022/01/13 9:44 p.m.54 views

CVE-2021-34996

CVE-2021-34996 affects Commvault CommCell 11.22.22, with a flaw in Demo_ExecuteProcessOnGroup that lets an attacker create a workflow to execute arbitrary commands as SYSTEM. Authentication bypass is possible; CVSS 3.1/8.8 (HIGH). Red Hat and CNVD note impact on versions prior to 11.25; upgrade t...

9CVSS9AI score0.82258EPSS
CVE
CVE
added 2022/01/13 9:44 p.m.52 views

CVE-2021-34995

CVE-2021-34995 affects Commvault CommCell 11.22.22 via the DownloadCenterUploadHandler, where unsafely validated user-supplied data allows arbitrary file uploads and, in the NETWORk SERVICE context, code execution. The issue can be exploited with network access and low complexity; CVSS v3.1/3.0 s...

8.8CVSS9AI score0.68864EPSS