CVE-2021-34994 – This vulnerability allows remote attackers to execute arbitrary code on affected installat …

13 January 2022

Vuln ID: CVE-2021-34994

Published: 2022-01-13 22:15:12Z

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. The issue results from the lack of proper validation of a user-supplied string before executing it as JavaScript code. An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. Was ZDI-CAN-13755.

Source: NVD.NIST.GOV

Date:

13 January 2022

Categorie(s):

NVD

Tag(s):

NVD

Security leaders respond to disruption of LabHost, a fraud website29 April 2024
Silobreaker empowers users with timely insight into key cybersecurity incident filings29 April 2024
72% of CISOs believe AI solutions may lead to security breaches29 April 2024
OpenAI’s ChatGPT is Breaking GDPR, Says Noyb29 April 2024
UK lays down fresh legislation banning crummy default device passwords29 April 2024