Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. The issue results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. Was ZDI-CAN-13755.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Commvault CommCell 代码注入漏洞
Vulnerability Description
Commvault CommCell是美国Commvault公司的一款应用于企业环境的存储管理工具。 Commvault CommCell中存在代码注入漏洞,该漏洞的存在是由于在将用户提供的字符串作为 JavaScript 代码在 DataProvider 类中执行之前对其进行了不正确的输入验证。经过身份验证的远程攻击者可以发送特制请求并在目标系统上执行任意代码。该漏洞允许远程攻击者在目标系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A