Lucene search
K
CommvaultCommvault

8 matches found

CVE
CVE
added 2025/04/22 4:32 p.m.381 views

CVE-2025-34028

CVE-2025-34028 affects Commvault Command Center Innovation Release (11.38.0–11.38.20); it is a path-traversal vulnerability allowing an unauthenticated actor to upload ZIP install packages that, when expanded, enable Remote Code Execution. Root cause: ZIPs containing crafted payloads trigger path...

10CVSS9.9AI score0.97292EPSS
In wild
CVE
CVE
added 2025/04/25 3:56 p.m.311 views

CVE-2025-3928

CVE-2025-3928 — Commvault Web Server has an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells on the Web Server component of CommCell environments. Public documents consistently describe the issue as an unspecified vulnerability enabling webshe...

8.8CVSS8.7AI score0.01932EPSS
In wild
CVE
CVE
added 2018/01/19 5:0 p.m.74 views

CVE-2017-18044

CVE-2017-18044 is a command injection vulnerability in Commvault's ContentStore/Base/CVDataPipe.dll. The issue arises from a message parsing function that passes unchecked input to CreateProcess, enabling a remote attacker to inject and execute commands on the target OS. The flaw is exploitable w...

10CVSS9.7AI score0.69753EPSS
CVE
CVE
added 2025/08/20 12:0 a.m.57 views

CVE-2025-57788

CVE-2025-57788 affects Commvault components (notably CommandCenter login flow) where an unauthenticated attacker can trigger API calls without user credentials. The connected records describe a pre-auth vulnerability chain leveraged alongside CVE-2025-57790/57791 to enable broader remote code exe...

6.9CVSS6.7AI score0.02721EPSS
In wild
CVE
CVE
added 2025/08/20 3:22 a.m.45 views

CVE-2025-57790

CVE-2025-57790 (and related CVEs 57791/57788) affects Commvault software. Connected sources describe a path-traversal vulnerability in Commvault components that allows remote file-system access and may enable remote code execution. The Metasploit and PacketStorm entries confirm an unauthenticated...

8.8CVSS7.5AI score0.16114EPSS
CVE
CVE
added 2025/08/20 3:22 a.m.40 views

CVE-2025-57791

CVE-2025-57791 is an argument-injection vulnerability in Commvault components, enabling remote injection/manipulation of command-line arguments due to insufficient input validation. Exploitation can yield a valid session for a low-privilege user, and is part of an exploit chain including CVE-2025...

6.9CVSS6.3AI score0.20719EPSS
CVE
CVE
added 2025/08/20 3:22 a.m.30 views

CVE-2025-57789

CVE-2025-57789 – Commvault initial administrator login vulnerability . The issue occurs in the setup window between installation and the first administrator login, where remote attackers may exploit the default credentials to gain admin control. Affected versions include Commvault 11.32.x before ...

5.4CVSS6.6AI score0.01104EPSS
CVE
CVE
added 2026/01/07 10:3 p.m.22 views

CVE-2025-12776

The CVE-2025-12776 case concerns the WebConsole Report Builder, where user input is stored directly in a web page and displayed to others, enabling a stored XSS risk. The issue is triggered when a user with edit permissions modifies a report; running the report does not execute the scripts, but e...

5.4CVSS5.8AI score0.00149EPSS