Security Advisories

Commvault Cloud Security Advisories

The following table lists security advisories for the Commvault software. To report a new vulnerability, click here.

| Advisory ID | Impact | Synopsis | CVEs | Updated | Issued |
|---|---|---|---|---|---|
| CV_2024_07_1 | None | OpenSSH Security Regression (CVE-2006-5051) Vulnerability | CVE-2024-6387 | | |
| CV_2024_08_1 | Yes | SQL Injection and Command Injection Advisory | None | | |
| CV_2024_08_2 | None | Curl advisory | CVE-2024-7264 | | |
| CV_2024_09_1 | Yes | Security vulnerability in Windows access nodes that are used for file server data protection | None | | |
| CV_2024_09_2 | Yes | DLL Injection Vulnerability in the Software Installation Path | None | | |
| CV_2024_12_1 | None | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability | CVE-2024-50379 | | |
| CV_2025_03_1 | Yes | Critical Webserver Vulnerability | CVE-2025-3928 | | |
| CV_2025_03_2 | None | Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability | CVE-2025-24813 | | |
| CV_2025_04_1 | Yes | Vulnerability in Commvault Command Center Installation | CVE-2025-34028 | | |
| CV_2025_04_2 | Yes | SQL Injection Vulnerability | None | | |
| CV_2025_06_1 | None | Tomcat Denial of Service Vulnerabilities | None | | |
| CV_2025_06_2 | None | Handling Report Export Functionality | None | | |
| CV_2025_06_3 | None | Stored Cross-Site Scripting Vulnerability | None | | |
| CV_2025_06_4 | None | Authorization Schema Access Controls | None | | |
| CV_2025_08_1 | Yes | Argument Injection Vulnerability in CommServe | None | | |
| CV_2025_08_2 | Yes | Path Traversal Vulnerability | None | | |
| CV_2025_08_3 | Yes | Unauthorized API Access Risk | None | | |
| CV_2025_08_4 | Yes | Vulnerability in Initial Administrator Login Process | None | | |
| CV_2024_04_1 | None | Red Hat Enterprise Linux (RHEL) Malicious Injection Vulnerability | CVE-2024-3094 | | |
| CV_2024_01_1 | None | Apache Struts 2 Vulnerability | CVE-2023-50164 | | |
| CV_2023_11_2 | None | Heap Based Buffer Overflow Vulnerability in cURL | CVE-2023-38545 | | |
| CV_2023_11_1 | Yes | Remote Code Execution Vulnerability in Apache ActiveMQ | CVE-2023-46604 | | |
| CV_2023_10_1 | Yes | Libwebp Vulnerability | CVE-2023-4863 | | |
| CV_2023_05_1 | Yes | Volt Typhoon Advisory | None | | |
| CV_2022_10_2 | None | Remote Memory Corruption Vulnerability in OpenSSL | CVE-2022-2274 | | |
| CV_2022_10_1 | None | Remote Code Execution Vulnerability in Apache Common Text | CVE-2022-42889 | | |
| CV_2022_04_1 | None | Remote Code Execution Vulnerability in the Spring Framework | CVE-2022-22963, CVE-2022-22965 | | |
| CV_2022_01_1 | Yes | Local Privilege Escalation Vulnerability in Polkit's pkexec Utility | CVE-2021-4034 | | |
| CV_2021_12_1 | Yes | Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832 | | |
| CV_2021_08_1 | Yes | Authentication Bypass Vulnerabilities on CVWebService Endpoint | None | | |
| CVE-2021-41303 | None | Apache Shiro Spring Boot Improper Authentication | None | | |
| CVE-2022-22950 | None | Spring Expression DoS Vulnerability | None | | |
| carbon_black | None | Vulnerability with Carbon Black Software | None | | |
| ripplace | None | Commvault Ransomware Protection Is Safe from RIPlace | None | | |
| mongodb | None | Security Vulnerability With MongoDB Versions | None | | |