Security Advisories

Documentation Cloud Services Solutions

CVE-2021-41303: Apache Shiro Spring Boot Improper Authentication

  This advisory is archived

Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.

  • Advisory ID: CVE-2021-41303
  • Title: Apache Shiro Spring Boot Improper Authentication
  • Additional Links:

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Impacted Products

This vulnerability does not affect Commvault products.


No Commvault application that contains an affected Shiro library uses Spring Boot.