Vulnerabilities > Commvault > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-22 | CVE-2025-34028 | Missing Authentication for Critical Function vulnerability in Commvault The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. | 10.0 |
| 2022-01-13 | CVE-2021-34993 | Improper Authentication vulnerability in Commvault Commcell 11.22.22 This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. | 9.8 |
| 2018-01-19 | CVE-2017-18044 | OS Command Injection vulnerability in Commvault 11.0 A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. | 9.8 |
| 2017-12-16 | CVE-2017-3195 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Commvault Edge 11.0.0 Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges. | 9.8 |