CVE-2021-34996 and CVE-2021-34993
Hi
Confirmed with our dev team, those CVEs were already patched for all the affected Feature Releases; you need to update to the maintenance release listed for each Feature Release as documented.
====
CV_2021_08_1: Authentication Bypass Vulnerabilities on CVWebService Endpoint
Advisory ID: CV_2021_08_1
Severity: Medium
Version: 1.0
Description ==
The following security vulnerabilities were reported with Commvault’s CVWebService Web Server endpoint:
- Authentication bypass on a subset of web server APIs allows unauthorized users to download files from the web server.
- CommCell users that do not have administrator permissions can upload files to the Download Center or to Commvault App Studio.
Affected Products ==
This vulnerability affects the Commvault Web Server on Service Pack 16 and Feature Releases 11.20-11.24.
Resolution ===
To fix these vulnerabilities, download and install the following maintenance release (or a more recent release), for your Feature Release on the CommServe and Web Server.
Feature Release Maintenance Release:
- 11.24.7
- 11.23.21
- 11.22.36
- 11.21.53
- 11.20.64
- SP16.116
This applies to:
CVE-2021-34993, CVE-2021-34994, CVE-2021-34995, CVE-2021-34996, CVE-2021-34997