Описание
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.36.60 (исключая)
cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.40314
Средний
6.5 Medium
CVSS3
Дефекты
CWE-88
Связанные уязвимости
CVSS3: 6.5
github
6 месяцев назад
An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
EPSS
Процентиль: 97%
0.40314
Средний
6.5 Medium
CVSS3
Дефекты
CWE-88