Commvault Cloud Security Advisories

The following table lists security advisories for the Commvault software.

To report a new vulnerability, click here.

Advisory ID	Impact	Synopsis	CVEs	Updated	Issued
CV_2024_04_1	none	Red Hat Enterprise Linux (RHEL) Malicious Injection Vulnerability	CVE-2024-3094	2024-04-02	2024-04-02
CV_2024_01_1	none	Apache Struts 2 Vulnerability	CVE-2023-50164	2024-01-22	2024-01-22
CV_2023_11_2	none	Heap Based Buffer Overflow Vulnerability in cURL	CVE-2023-38545	2023-11-07	2023-11-07
CV_2023_11_1	Yes	Remote Code Execution Vulnerability in Apache ActiveMQ	CVE-2023-46604	2023-11-06	2023-11-06
CV_2023_10_1	Yes	Libwebp Vulnerability	CVE-2023-4863	2023-10-04	2023-10-04
CV_2023_05_1	Yes	Volt Typhoon Advisory	none	2023-05-26	2023-05-26
CV_2022_10_2	none	Remote Memory Corruption Vulnerability in OpenSSL	CVE-2022-2274	2022-10-31	2022-10-31
CV_2022_10_1	none	Remote Code Execution Vulnerability in Apache Common Text	CVE-2022-42889	2022-10-18	2022-10-18
CV_2022_04_1	none	Remote Code Execution Vulnerability in the Spring Framework	CVE-2022-22963, CVE-2022-22965	2022-04-01	2022-04-01
CV_2022_01_1	Yes	Local Privilege Escalation Vulnerability in Polkit's pkexec Utility	CVE-2021-4034	2022-01-29	2022-01-29
CV_2021_12_1	Yes	Vulnerability in Apache Log4j Logging Libraries Impacting Commvault Products	CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832	2022-02-01	2021-12-11
CV_2021_08_1	Yes	Authentication Bypass Vulnerabilities on CVWebService Endpoint	none	2021-08-08	2021-08-08
CVE-2021-41303	none	Apache Shiro Spring Boot Improper Authentication	none
CVE-2022-22950	none	Spring Expression DoS Vulnerability	none
carbon_black	none	Vulnerability with Carbon Black Software	none
ripplace	none	Commvault Ransomware Protection Is Safe from RIPlace	none
mongodb	none	Security Vulnerability With MongoDB Versions	none
CV_2024_08_1	Yes	SQL Injection and Command Injection Advisory	none	2024-09-16	2024-08-05
CV_2024_09_1	Yes	Security vulnerability in Windows access nodes that are used for file server data protection	none	2024-09-16	2024-09-13
CV_2024_08_2	none	Curl advisory	CVE-2024-7264	2024-09-16	2024-08-26
CV_2024_07_1	none	OpenSSH Security Regression (CVE-2006-5051) Vulnerability	CVE-2024-6387	2024-09-16	2024-07-25
CV_2024_09_2	Yes	DLL Injection Vulnerability in the Software Installation Path	none	2024-09-26	2024-09-25