The following table lists security advisories for the Commvault software. To report a new vulnerability, click here.
| Advisory ID | Impact | Synopsis | CVEs | Updated | Issued |
|---|---|---|---|---|---|
| | None | OpenSSH Security Regression (CVE-2006-5051) Vulnerability | CVE-2024-6387 | | |
| | Yes | SQL Injection and Command Injection Advisory | None | | |
| | None | Curl advisory | CVE-2024-7264 | | |
| | Yes | Security vulnerability in Windows access nodes that are used for file server data protection | None | | |
| | Yes | DLL Injection Vulnerability in the Software Installation Path | None | | |
| | None | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability | CVE-2024-50379 | | |
| | Yes | Critical Webserver Vulnerability | CVE-2025-3928 | | |
| | None | Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability | CVE-2025-24813 | | |
| | Yes | Vulnerability in Commvault Command Center Installation | CVE-2025-34028 | | |
| | Yes | SQL Injection Vulnerability | None | | |
| | None | Tomcat Denial of Service Vulnerabilities | None | | |
| | None | Handling Report Export Functionality | None | | |
| | None | Stored Cross-Site Scripting Vulnerability | None | | |
| | None | Authorization Schema Access Controls | None | | |
| | Yes | Argument Injection Vulnerability in CommServe | None | | |
| | Yes | Path Traversal Vulnerability | None | | |
| | Yes | Unauthorized API Access Risk | None | | |
| | Yes | Vulnerability in Initial Administrator Login Process | None | | |
| | None | Red Hat Enterprise Linux (RHEL) Malicious Injection Vulnerability | CVE-2024-3094 | | |
| | None | Apache Struts 2 Vulnerability | CVE-2023-50164 | | |
| | None | Heap Based Buffer Overflow Vulnerability in cURL | CVE-2023-38545 | | |
| | Yes | Remote Code Execution Vulnerability in Apache ActiveMQ | CVE-2023-46604 | | |
| | Yes | Libwebp Vulnerability | CVE-2023-4863 | | |
| | Yes | Volt Typhoon Advisory | None | | |
| | None | Remote Memory Corruption Vulnerability in OpenSSL | CVE-2022-2274 | | |
| | None | Remote Code Execution Vulnerability in Apache Common Text | CVE-2022-42889 | | |
| | None | Remote Code Execution Vulnerability in the Spring Framework | CVE-2022-22963, CVE-2022-22965 | | |
| | Yes | Local Privilege Escalation Vulnerability in Polkit's pkexec Utility | CVE-2021-4034 | | |
| | Yes | Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832 | | |
| | Yes | Authentication Bypass Vulnerabilities on CVWebService Endpoint | None | | |
| | None | Apache Shiro Spring Boot Improper Authentication | None | | |
| | None | Spring Expression DoS Vulnerability | None | | |
| | None | Vulnerability with Carbon Black Software | None | | |
| | None | Commvault Ransomware Protection Is Safe from RIPlace | None | | |
| | None | Security Vulnerability With MongoDB Versions | None | | |