Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Commvault CommCell 代码问题漏洞
Vulnerability Description
Commvault CommCell是美国Commvault公司的一款应用于企业环境的存储管理工具。 Commvault CommCell 中存在代码问题漏洞,该漏洞的存在是由于 AppStudioUploadHandler 类中的文件上传过程中对文件的验证不足。远程认证攻击者可以上传恶意文件并在服务器上执行。该漏洞允许远程攻击者破坏易受攻击的系统。
CVSS Information
N/A
Vulnerability Type
N/A