VYPR

Commvault Web Server

by Commvault

CVEs (2)

  • CVE-2025-3928HigKEVApr 25, 2025
    risk 0.69cvss 8.8epss 0.02

    Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89,…

  • CVE-2025-34136MedJul 25, 2025
    risk 0.45cvss epss 0.00

    An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server…