← volver
CVE-2025-34136

Commvault CommServe Web Server Unauthenticated SQL Injection

CVSS 6.9 MEDIUMEPSS 0.4%CWE-89
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
Commvault · Commvault

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://documentation.commvault.com/securityadvisories/CV_2025_04_2.htmlhttps://www.vulncheck.com/advisories/commvault-commserve-web-server-unauth-sqli