Commvault Vulnerability List
6 vulnerabilities related to Commvault were found
-
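Commvault /commandcenter/publicLink.do Authorization Bypass Vulnerability (CVE-2025-57788) No POC
Commvault-WebServer is web server software from Commvault. It is efficient, secure and stable, and provides users with reliable data backup, recovery and archiving services. Commvault-WebServer supports multiple operating systems and databases and integrates seamlessly with other Commvault products, giving users a comprehensive data management solution. The software also provides flexible management and monitoring features that help users manage their data. An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. -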
CVE-2020-25780: Commvault CommCell - Local File Inclusion POC
CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 is vulnerable to local file inclusion because an attacker who can view a log file can instead view a file outside of the log-files folder. -
CVE-2025-34028: Commvault - SSRF via /commandcenter/deployWebpackage.do POC
A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. -
CVE-2025-57788: Commvault Unauthenticated Password Disclosure (WT-2025-0047) POC
An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. -
CVE-2025-57789: Commvault Initial Administrator Login Process Vulnerability POC
An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. -
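Commvault /commandcenter/deployServiceCommcell.do File Upload Vulnerability (CVE-2025-34028) No POC
Commvault is a data protection or cyber resilience solution, an enterprise backup and replication suite. Commvault has an arbitrary file upload vulnerability. A malicious attacker can cause the server to download a remote webshell to local storage and thereby gain server privileges.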