CVE-2021-34995 – This vulnerability allows remote attackers to execute arbitrary code on affected installat …

13 January 2022

Vuln ID: CVE-2021-34995

Published: 2022-01-13 22:15:13Z

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756.

Source: NVD.NIST.GOV

Date:

13 January 2022

Categorie(s):

NVD

Tag(s):

NVD

New UK Smart Device Security Law Comes into Force29 April 2024
PoC Exploit Released For Windows Kernel EoP Vulnerability29 April 2024
Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services29 April 2024
CodeQL zero to hero part 3: Security research with CodeQL29 April 2024
KageNoHitobito Ransomware Attacking Windows Users Around the Globe29 April 2024