8 matches found
CVE-2025-34028
CVE-2025-34028 affects Commvault Command Center Innovation Release (11.38.0–11.38.20); it is a path-traversal vulnerability allowing an unauthenticated actor to upload ZIP install packages that, when expanded, enable Remote Code Execution. Root cause: ZIPs containing crafted payloads trigger path...
CVE-2025-3928
CVE-2025-3928 — Commvault Web Server has an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells on the Web Server component of CommCell environments. Public documents consistently describe the issue as an unspecified vulnerability enabling webshe...
CVE-2017-18044
CVE-2017-18044 is a command injection vulnerability in Commvault's ContentStore/Base/CVDataPipe.dll. The issue arises from a message parsing function that passes unchecked input to CreateProcess, enabling a remote attacker to inject and execute commands on the target OS. The flaw is exploitable w...
CVE-2025-57788
CVE-2025-57788 affects Commvault components (notably CommandCenter login flow) where an unauthenticated attacker can trigger API calls without user credentials. The connected records describe a pre-auth vulnerability chain leveraged alongside CVE-2025-57790/57791 to enable broader remote code exe...
CVE-2025-57790
CVE-2025-57790 (and related CVEs 57791/57788) affects Commvault software. Connected sources describe a path-traversal vulnerability in Commvault components that allows remote file-system access and may enable remote code execution. The Metasploit and PacketStorm entries confirm an unauthenticated...
CVE-2025-57791
CVE-2025-57791 is an argument-injection vulnerability in Commvault components, enabling remote injection/manipulation of command-line arguments due to insufficient input validation. Exploitation can yield a valid session for a low-privilege user, and is part of an exploit chain including CVE-2025...
CVE-2025-57789
CVE-2025-57789 – Commvault initial administrator login vulnerability . The issue occurs in the setup window between installation and the first administrator login, where remote attackers may exploit the default credentials to gain admin control. Affected versions include Commvault 11.32.x before ...
CVE-2025-12776
The CVE-2025-12776 case concerns the WebConsole Report Builder, where user input is stored directly in a web page and displayed to others, enabling a stored XSS risk. The issue is triggered when a user with edit permissions modifies a report; running the report does not execute the scripts, but e...