Security Advisories

Documentation Cloud Services Solutions

CV_2024_01_1: Apache Struts 2 Vulnerability CRITICAL

  This advisory is archived

Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.

  • Advisory ID: CV_2024_01_1
  • Title: Apache Struts 2 Vulnerability
  • Severity: CRITICAL
  • Issued: 2024-01-22
  • Updated: 2024-01-22
  • CVSS Score Range: 9.0 - 10.0
  • Additional Links:

Impacted Products

This vulnerability does not affect Commvault products.


The Commvault software does not use Apache Struts and is unaffected by this vulnerability.

CVE Details

Info Description

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts or greater to fix this issue.