The following table lists security advisories for the Commvault software.
| Advisory ID | Synopsis | CVEs | Updated |
|---|---|---|---|
| CV_2024_04_1 | Red Hat Enterprise Linux (RHEL) Malicious Injection Vulnerability | CVE-2024-3094 | |
| CV_2024_01_1 | Apache Struts 2 Vulnerability | CVE-2023-50164 | |
| CV_2023_11_2 | Heap Based Buffer Overflow Vulnerability in cURL | CVE-2023-38545 | |
| CV_2023_11_1 | Remote Code Execution Vulnerability in Apache ActiveMQ | CVE-2023-46604 | |
| CV_2023_10_1 | Libwebp Vulnerability | CVE-2023-4863 | |
| CV_2023_05_1 | Volt Typhoon Advisory | ||
| CV_2022_10_2 | Remote Memory Corruption Vulnerability in OpenSSL | CVE-2022-2274 | |
| CV_2022_10_1 | Remote Code Execution Vulnerability in Apache Common Text | CVE-2022-42889 | |
| CV_2022_04_1 | Remote Code Execution Vulnerability in the Spring Framework | CVE-2022-22963, CVE-2022-22965 | |
| CV_2022_01_1 | Local Privilege Escalation Vulnerability in Polkit's pkexec Utility | CVE-2021-4034 | |
| CV_2021_12_1 | Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832 | |
| CV_2021_08_1 | Authentication Bypass Vulnerabilities on CVWebService Endpoint | ||
| CVE-2021-41303 | Apache Shiro Spring Boot Improper Authentication | ||
| CVE-2022-22950 | Spring Expression DoS Vulnerability | ||
| carbon_black | Vulnerability with Carbon Black Software | ||
| ripplace | Commvault Ransomware Protection Is Safe from RIPlace | ||
| mongodb | Security Vulnerability With MongoDB Versions |