
CVE-2021-34996 and CVE-2021-34993

Hi @Ragini, thanks for the post!

Confirmed with our dev team: those CVEs were already patched for all the affected Feature Releases. You need to update to the maintenance release listed for each Feature Release, as documented:

====

CV_2021_08_1: Authentication Bypass Vulnerabilities on CVWebService Endpoint

Advisory ID: CV_2021_08_1

Severity: Medium

Version: 1.0

Description

The following security vulnerabilities were reported with Commvault’s CVWebService Web Server endpoint:

Authentication bypass on a subset of web server APIs allows unauthorized users to download files from the web server.

CommCell users that do not have administrator permissions can upload files to the Download Center or to Commvault App Studio.

Affected Products

This vulnerability affects the Commvault Web Server on Service Pack 16 and Feature Releases 11.20-11.24.

Resolution

To fix these vulnerabilities, download and install the following maintenance release (or a more recent release) for your Feature Release on the CommServe and Web Server.

Feature Release    Maintenance Release
11.24              11.24.7
11.23              11.23.21
11.22              11.22.36
11.21              11.21.53
11.20              11.20.64
SP16               SP16.116

This applies to:

CVE-2021-34993, CVE-2021-34994, CVE-2021-34995, CVE-2021-34996, CVE-2021-34997
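
The following is an added example, not part of the original post or of Commvault's tooling: a small Python check that compares installed versions against the minimum maintenance releases in the advisory's Resolution table. It assumes versions are recorded in the same `release.maintenance` form the advisory uses (for example `11.22.30` or `SP16.98`); the function names, host names and inventory are hypothetical.

```python
import re

# Minimum fixed maintenance release per Feature Release, copied from the
# Resolution table of advisory CV_2021_08_1.
FIXED = {"11.24": 7, "11.23": 21, "11.22": 36, "11.21": 53, "11.20": 64, "SP16": 116}

# Assumed input format: "<release>.<maintenance>", as written in the advisory.
_VERSION = re.compile(r"^(11\.\d+|SP\d+)\.(\d+)$", re.IGNORECASE)


def check_release(version):
    """Classify one version string such as '11.22.30' or 'SP16.116'.

    Returns 'patched', 'vulnerable', 'not-listed' (the release is outside the
    range the advisory covers, so the advisory says nothing about it) or
    'unparseable' (for example, the maintenance number is missing).
    """
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    release, maintenance = m.group(1).upper(), int(m.group(2))
    if release not in FIXED:
        return "not-listed"
    # Compare as integers: as strings, "4" would sort after "36".
    return "patched" if maintenance >= FIXED[release] else "vulnerable"


def audit(inventory):
    """Return {host: (version, status)} for every host not confirmed patched."""
    findings = {}
    for host, version in inventory.items():
        status = check_release(version)
        if status != "patched":
            findings[host] = (version, status)
    return findings


# Constructed inventory: host names and installed versions are made up.
SAMPLE_INVENTORY = {
    "commserve01": "11.24.7",
    "webserver01": "11.22.30",
    "webserver02": "SP16.98",
    "webserver03": "11.25.3",
    "webserver04": "11.20",
}

if __name__ == "__main__":
    for host, (version, status) in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {version} -> {status}")
```

Hosts reported as `not-listed` or `unparseable` need a manual check, since the advisory only covers Service Pack 16 and Feature Releases 11.20-11.24.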

