Medium5.5Commvault
SQL Injection Vulnerability
CV_2025_04_2 Published Apr 16, 2025Updated by vendor Apr 14, 2025
Affected products & platforms
CommvaultUnclassified
Summary
Save as PDF A security vulnerability has been identified in the CommServe and Web Server installation that allows a remote SQL Injection attack without authentication. Other installations in the same system are not compromised by this vulnerability.CVSS Score: 5.5
Affected versions
- Product Platforms Affected Versions Resolved Version Status Commvault Linux, Windows 11.32.0 - 11.32.93 11.32.94 Resolved Commvault Linux, Windows 11.36.0 - 11.36.51 11.36.52 Resolved Commvault Linux, Windows 11.38.0 - 11.38.19 11.38.20 Resolved
- 11.32.0
- 11.32.93
- 11.32.94
- 11.36.0
- 11.36.51
- 11.36.52
- 11.38.0
- 11.38.19
- 11.38.20
- Affected Versions
- 11.32.0 - 11.32.93
- 11.36.0 - 11.36.51
- 11.38.0 - 11.38.19
Official advisory · medium-confidence parse· fetched 6 hours ago·verify at source
Fixed versions
- 11.32.94
- 11.36.52
- 11.38.20
Official advisory · medium-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Install the listed maintenance release (or a more recent one) for your feature release: 11.32.94, 11.36.52, 11.38.20.
Official advisory · medium-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.