GCVE - cpe:2.3:a:commvault:command_center_innovation

Approved changes feed: RSS · Atom

cpe:2.3:a:commvault:command_center_innovation_release:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Commvault (`d5a65334-3838-5ae8-8891-4ab1adbfb7b4`)
Product	Command Center Innovation Release (`470cbf1c-a2cd-52fa-89c5-cffce94d013f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-34028`	vulnerable	2026-06-03 15:00:43.333577	Commvault Command Center Innovation Release <= 11.38.25 Unathenticated Install Package Path Traversal The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438. Published: 2025-04-22T16:32:23.446Z Updated: 2025-11-29T02:06:36.031Z Open on db.gcve.eu Reference links https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/ https://github.com/watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028 https://www.vulncheck.com/advisories/commvault-command-center-innovation-release-unauthenticated-install-package-path-traversal	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.