Skip to main content
commvault.com commvault.com
Solved

.Net vulnerability

A
Byte
Forum|alt.badge.img+3

Hi Team,

I can see below .NET related vulnerability.

Can you please let me know, if .NET update will impact Commvault backup server and media agents ?

Microsoft CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability
Microsoft CVE-2020-1046: .NET Framework Remote Code Execution Vulnerability
Microsoft CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
Microsoft CVE-2021-24111: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2022-26832: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2020-1108: .NET Core & .NET Framework Denial of Service Vulnerability
Microsoft CVE-2022-21911: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2022-41064: .NET Framework Information Disclosure Vulnerability
Microsoft CVE-2023-21722: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft CVE-2022-41089: .NET Framework Remote Code Execution Vulnerability
Microsoft CVE-2020-16937: .NET Framework Information Disclosure Vulnerability
Microsoft CVE-2022-30130: .NET Framework Denial of Service Vulnerability
Microsoft CVE-2020-1476: ASP.NET and .NET Elevation of Privilege Vulnerability

 

Best answer by Damian Andre

Hey @Ajinkya,

 

You are all good to install the .net updates - minor version updates are also ok. The only component that is really sensitive to .net version is the webserver on the CommServe which requires Microsoft .NET Framework 4.6.2 and .NET Core 6.0.1 for release 2022E (11.28). If you install through windows update it will patch the current version, so all good.

View original
Did this answer your question?

5 replies

Damian Andre
Vaulter
Forum|alt.badge.img+23
  • Damian AndreVaulter
  • Vaulter
  • 1301 replies
  • Answer
  • March 21, 2023

Hey @Ajinkya,

 

You are all good to install the .net updates - minor version updates are also ok. The only component that is really sensitive to .net version is the webserver on the CommServe which requires Microsoft .NET Framework 4.6.2 and .NET Core 6.0.1 for release 2022E (11.28). If you install through windows update it will patch the current version, so all good.

Scott Moseman
A
2 people like this
  • Scott Moseman
    Scott Moseman
  • A
    Ajinkya
A
Byte
Forum|alt.badge.img+3
  • Ajinkya
  • Author
  • Byte
  • 7 replies
  • March 23, 2023

Hello @Damian Andre,

Thank you for the ans.

F
Byte
Forum|alt.badge.img+3
  • faiez
  • Byte
  • 7 replies
  • June 8, 2023

Hi all

I’m running Version 11 SP16 ,didn't configured webserver for commvault,will be effected if upgrade from Microsoft ASP.NET Core 2.1.5 to latest version to fix vulnerability.Thank you

M
Byte
Forum|alt.badge.img+14
  • Mauro
  • Byte
  • 101 replies
  • July 12, 2023

May I ask if updating .net to 4.8.1 on the Commserve would be problematic?

N
Bit
Forum|alt.badge.img
  • NilsaCruz
  • Bit
  • 1 reply
  • October 12, 2023

I have .NET Core 6.0.1 for release 2022E (11.28) on my CommServer, but my security team wants me to upgrade to .NET Core 6.0.22.  I would like to know if is ok to upgrade.

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings