PT-2025-30886 · Commvault · Commvault
Published 2025-07-25 · Updated 2025-07-25
CVE-2024-13976
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Commvault versions 11.20.0 through 11.20.0
Commvault versions 11.28.0 through 11.28.0
Commvault versions 11.32.0 through 11.32.0
Commvault versions 11.34.0 through 11.34.0
Commvault versions 11.36.0 through 11.36.0
Description
A DLL injection vulnerability exists during the installation of maintenance updates. An attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges.
Recommendations
Update to Commvault version 11.20.202 or later.
Update to Commvault version 11.28.124 or later.
Update to Commvault version 11.32.65 or later.
Update to Commvault version 11.34.37 or later.
Update to Commvault version 11.36.15 or later.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Commvault