Remote Code Execution Vulnerability in Commvault CommCell by Commvault
CVE-2021-34997
8.8HIGH
What is CVE-2021-34997?
A vulnerability in Commvault CommCell allows remote attackers to execute arbitrary code due to insufficient validation of user-supplied data within the AppStudioUploadHandler class. Although authentication is required, the flaw enables an attacker to bypass this mechanism, facilitating the upload of malicious files and executing code with NETWORK SERVICE privileges.
Affected Version(s)
CommCell 11.22.22