- Advisory ID: CV_2024_09_1
- Severity: MEDIUM
- Issued: 2024-09-13
- Updated: 2024-09-16
Windows access nodes that are used for file server data protection jobs could get compromised. To execute the attack, the threat actor must have file server agent installed and must be the owner on the client. Only the windows access nodes that are assigned to this file server agent could be compromised. Remote attack is not possible.
Impacted Products
| Product | Versions | Platforms | Resolved Versions | Status |
|---|---|---|---|---|
| Commvault | 11.36.0 | Windows | 11.36.8 | resolved |
| Commvault | 11.34.0 | Windows | 11.34.34 | resolved |
| Commvault | 11.32.0 | Windows | 11.32.60 | resolved |
| Commvault | 11.28.0 | Windows | 11.32.60 | resolved |
| Commvault | 11.20.0 | Windows | 11.32.60 | resolved |
Resolution
To resolve this issue, install the specified minimum maintenance release for the corresponding platform release versions.