
CVE-2024-12797

  • May 14, 2025
  • 5 replies

New vulnerabilities notification from Microsoft Defender for Endpoint

 

On some servers there is an issue with OpenSSL

CVE-2024-12797

 

openssl 3.1.3.0

d:\program files\commvault\contentstore\base\tessdata\bin\libcrypto-3-x64.dll

openssl 3.0.13.0

d:\program files\commvault\contentstore\cvpython\libcrypto-3.dll
d:\program files\commvault\contentstore\cvpython\libssl-3.dll

openssl 3.3.2.0

d:\program files\commvault\contentstore\base\libcrypto-3.dll
d:\program files\commvault\contentstore\base\libcrypto-3-x64.dll
d:\program files\commvault\contentstore\base\libssl-3.dll
d:\program files\commvault\contentstore\base\libssl-3.dll

 

Is there someone with a resolution?

 

 


sbhatia
Vaulter
  • May 14, 2025

CVE-2024-12797 does not affect our software since it doesn't use RFC7250 Raw Public Keys.

 

(CVE-2024-12797 is a vulnerability in OpenSSL affecting TLS and DTLS connections that use Raw Public Keys (RPKs) as defined in RFC 7250.)



sbhatia

Thanks for your answer.

We found not only CVE-2024-12797:

D:\Program Files\Commvault\ContentStore\cvpython\libssl-3.dll openssl openssl 3.0.13.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143            
D:\Program Files\Commvault\ContentStore\cvpython\libcrypto-3.dll openssl openssl 3.0.13.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143            
d:\program files\commvault\contentstore\cvpython\libssl-3.dll openssl openssl 3.0.13.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143            
d:\program files\commvault\contentstore\cvpython\libcrypto-3.dll openssl openssl 3.0.13.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143            
D:\Program Files\Commvault\ContentStore\Base\libssl-3-x64.dll openssl openssl 3.3.2.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
D:\Program Files\Commvault\ContentStore\Base\libssl-3.dll openssl openssl 3.3.2.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
D:\Program Files\Commvault\ContentStore\Base\libcrypto-3-x64.dll openssl openssl 3.3.2.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
D:\Program Files\Commvault\ContentStore\Base\libcrypto-3.dll openssl openssl 3.3.2.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
d:\program files\commvault\contentstore\base\libssl-3-x64.dll openssl openssl 3.3.2.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
d:\program files\commvault\contentstore\base\libssl-3.dll openssl openssl 3.3.2.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
d:\program files\commvault\contentstore\base\libcrypto-3-x64.dll openssl openssl 3.3.2.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
d:\program files\commvault\contentstore\base\libcrypto-3.dll openssl openssl 3.3.2.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143                        
D:\Program Files\Commvault\ContentStore\Base\tessdata\bin\libcrypto-3-x64.dll openssl openssl 3.1.3.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2023-5363, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143
d:\program files\commvault\contentstore\base\tessdata\bin\libcrypto-3-x64.dll openssl openssl 3.1.3.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2023-5363, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143
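
A triage helper for the export pasted above, as an added example that is not part of any post in this thread and is not Commvault or Microsoft code: it folds the case-variant duplicate paths and groups the findings by OpenSSL build. The function names and the assumed row layout (path, `openssl openssl`, version, two timestamps, CVE list) are inferred from the pasted rows.

```python
import re
from collections import defaultdict

# Rows copied from the export pasted in this thread (a subset of it).
ROWS = r"""
D:\Program Files\Commvault\ContentStore\cvpython\libssl-3.dll openssl openssl 3.0.13.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143
d:\program files\commvault\contentstore\cvpython\libssl-3.dll openssl openssl 3.0.13.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143
D:\Program Files\Commvault\ContentStore\Base\libssl-3.dll openssl openssl 3.3.2.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143
d:\program files\commvault\contentstore\base\libssl-3.dll openssl openssl 3.3.2.0 14 May, 2025 07:46:00 AM 14 May, 2025 07:46:00 AM CVE-2024-12797, CVE-2024-13176, CVE-2024-9143
D:\Program Files\Commvault\ContentStore\Base\tessdata\bin\libcrypto-3-x64.dll openssl openssl 3.1.3.0 13 May, 2025 05:46:05 PM 13 May, 2025 05:46:05 PM CVE-2023-5363, CVE-2023-5678, CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143
"""

# Assumed layout: path, "openssl openssl", version, two timestamps (ignored), CVE list.
ROW = re.compile(
    r"^(?P<path>.+?\.dll)\s+openssl\s+openssl\s+(?P<version>\d+(?:\.\d+)+)\s+"
    r".*?(?P<cves>CVE-\d{4}-\d+(?:,\s*CVE-\d{4}-\d+)*)\s*$",
    re.IGNORECASE,
)

def triage(text):
    """Group findings by OpenSSL build; return (report, unparsed_lines)."""
    report = defaultdict(lambda: {"files": set(), "cves": set()})
    unparsed = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ROW.match(line)
        if m is None:
            unparsed.append(line)  # never drop a finding silently
            continue
        entry = report[m["version"]]
        # Windows paths are case-insensitive: fold case so each DLL counts once.
        entry["files"].add(m["path"].lower())
        entry["cves"].update(c.strip().upper() for c in m["cves"].split(","))
    return dict(report), unparsed

def versions_flagged(report, cve):
    """OpenSSL builds for which the export lists the given CVE."""
    return sorted(v for v, e in report.items() if cve in e["cves"])

if __name__ == "__main__":
    report, unparsed = triage(ROWS)
    for version in sorted(report):
        e = report[version]
        print(f"openssl {version}: {len(e['files'])} file(s), {len(e['cves'])} CVE(s)")
    print("CVE-2024-12797 listed for:", versions_flagged(report, "CVE-2024-12797"))
    print("unparsed lines:", len(unparsed))
```
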


sbhatia

 

Thanks for your answer.

For OpenSSL we found more CVEs. I have uploaded an Excel sheet.


sbhatia
Vaulter
  • May 15, 2025

Hi Chris, 

 

I had a look at the sheet you attached and when checked internally most of the CVEs listed don’t affect Commvault, and a few of them have already been addressed in version 11.34.46.

That said, I’d strongly recommend raising a Support Case for this. The Support team handles these kinds of vulnerabilities regularly and stays closely connected with Development. They’ll be in the best position to confirm impact or share any fixes in progress.


Onno van den Berg
Commvault Certified Expert

Is this being worked on already to solve the reported OpenSSL CVE? I know the mentioned CVE is not impacting, but we also have customers reporting the CVE. So, updating supporting libraries and open-source tools to resolve CVEs is still important to prevent end customers from raising tickets.