Security Advisories

CV_2024_01_1: Apache Struts 2 Vulnerability CRITICAL

  This advisory is archived

Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.

  • Advisory ID: CV_2024_01_1
  • Title: Apache Struts 2 Vulnerability
  • Severity: CRITICAL
  • Issued: 2024-01-22
  • Updated: 2024-01-22
  • CVSS Score Range: 9.0 - 10.0

Impacted Products

This vulnerability does not affect Commvault products.

Resolution

The Commvault software does not use Apache Struts and is unaffected by this vulnerability.

CVE Details

Info Description

An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform Remote Code Execution. Users are recommended to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.
