漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Commvault CommCell 代码问题漏洞
Vulnerability Description
Commvault CommCell是美国Commvault公司的一款应用于企业环境的存储管理工具。 Commvault CommCell 中存在代码问题漏洞,该漏洞的存在是由于 AppStudioUploadHandler 类中的文件上传过程中对文件的验证不足。远程认证攻击者可以上传恶意文件并在服务器上执行。该漏洞允许远程攻击者破坏易受攻击的系统。
CVSS Information
N/A
Vulnerability Type
N/A