Commvault Cloud Security Advisories

The following table lists security advisories for the Commvault software. To report a new vulnerability, click here.

Advisory ID	Impact	Synopsis	CVEs	Updated	Issued
CV_2024_07_1	None	OpenSSH Security Regression (CVE-2006-5051) Vulnerability	CVE-2024-6387	2024-09-16	2024-07-25
CV_2024_08_1	Yes	SQL Injection and Command Injection Advisory	None	2024-09-16	2024-08-05
CV_2024_08_2	None	Curl advisory	CVE-2024-7264	2024-10-22	2024-08-26
CV_2024_09_1	Yes	Security vulnerability in Windows access nodes that are used for file server data protection	None	2024-09-16	2024-09-13
CV_2024_09_2	Yes	DLL Injection Vulnerability in the Software Installation Path	None	2024-10-02	2024-09-25
CV_2024_12_1	None	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability	CVE-2024-50379	2024-12-27	2024-12-23
CV_2025_03_1	Yes	Critical Webserver Vulnerability	CVE-2025-3928	2025-05-01	2025-02-24
CV_2025_03_2	None	Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability	CVE-2025-24813	2025-03-27	2025-03-27
CV_2025_04_1	Yes	Vulnerability in Commvault Command Center Installation	CVE-2025-34028	2025-05-06	2025-04-11
CV_2025_04_2	Yes	SQL Injection Vulnerability	None	2025-04-16	2025-04-14
CV_2025_06_1	None	Tomcat Denial of Service Vulnerabilities	None	2025-06-06	2025-06-06
CV_2025_06_2	None	Handling Report Export Functionality	None	2025-06-06	2025-06-06
CV_2025_06_3	Yes	Stored Cross-Site Scripting Vulnerability	None	2025-10-14	2025-06-06
CV_2025_06_4	None	Authorization Schema Access Controls	None	2025-06-06	2025-06-06
CV_2025_08_1	Yes	Argument Injection Vulnerability in CommServe	CVE-2025-57791	2025-09-03	2025-08-19
CV_2025_08_2	Yes	Path Traversal Vulnerability	CVE-2025-57790	2025-09-03	2025-08-19
CV_2025_08_3	Yes	Unauthorized API Access Risk	CVE-2025-57788	2025-09-03	2025-08-19
CV_2025_08_4	Yes	Vulnerability in Initial Administrator Login Process	CVE-2025-57789	2025-09-03	2025-08-19
CV_2024_04_1	None	Red Hat Enterprise Linux (RHEL) Malicious Injection Vulnerability	CVE-2024-3094	2024-04-01	2024-04-01
CV_2024_01_1	None	Apache Struts 2 Vulnerability	CVE-2023-50164	2024-01-21	2024-01-21
CV_2023_11_2	None	Heap Based Buffer Overflow Vulnerability in cURL	CVE-2023-38545	2023-11-06	2023-11-06
CV_2023_11_1	Yes	Remote Code Execution Vulnerability in Apache ActiveMQ	CVE-2023-46604	2023-11-05	2023-11-05
CV_2023_10_1	Yes	Libwebp Vulnerability	CVE-2023-4863	2023-10-03	2023-10-03
CV_2023_05_1	Yes	Volt Typhoon Advisory	None	2023-05-25	2023-05-25
CV_2022_10_2	None	Remote Memory Corruption Vulnerability in OpenSSL	CVE-2022-2274	2022-10-30	2022-10-30
CV_2022_10_1	None	Remote Code Execution Vulnerability in Apache Common Text	CVE-2022-42889	2022-10-17	2022-10-17
CV_2022_04_1	None	Remote Code Execution Vulnerability in the Spring Framework	CVE-2022-22963, CVE-2022-22965	2022-03-31	2022-03-31
CV_2022_01_1	Yes	Local Privilege Escalation Vulnerability in Polkit's pkexec Utility	CVE-2021-4034	2022-01-28	2022-01-28
CV_2021_12_1	Yes	Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products	CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832	2022-01-31	2022-01-31
CV_2021_08_1	Yes	Authentication Bypass Vulnerabilities on CVWebService Endpoint	None	2021-08-07	2021-08-07
CVE-2021-41303	None	Apache Shiro Spring Boot Improper Authentication	None
CVE-2022-22950	None	Spring Expression DoS Vulnerability	None
carbon_black	None	Vulnerability with Carbon Black Software	None
ripplace	None	Commvault Ransomware Protection Is Safe from RIPlace	None
mongodb	None	Security Vulnerability With MongoDB Versions	None