← voltar
CVE-2025-34136

Commvault CommServe Web Server Unauthenticated SQL Injection

CVSS 6.9 MEDIUMEPSS 0.4%CWE-89
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
Commvault · Commvault

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://documentation.commvault.com/securityadvisories/CV_2025_04_2.htmlhttps://www.vulncheck.com/advisories/commvault-commserve-web-server-unauth-sqli