Commvault is a widely used data protection, backup and recovery software platform, with users such as Amazon, Walmart and Apple. If compromised, it can allow unauthorized access, lateral movement, and malware and ransomware deployment, in addition to affecting the organization’s backup operations.
SSRF flaw escalated to code execution
watchTowr Labs researcher Sonny Macdonald reported the vulnerability as a server-side request forgery (SSRF) problem in a pre-authenticated endpoint called deployment. Macdonald called it a “very straightforward SSRF vulnerability, because there is no filtering to limit the hosts that can be communicated with.”
“SSRF weaknesses are difficult to discover, but they can cause significant harm,” said Thomas Richards, Infrastructure Security Practice Director at Black Duck. “Commvault users should immediately patch their installation and start a forensic examination to determine whether their instance was exploited. If the instance was exposed on the Internet, it should be placed behind firewall restrictions to control who can access it.”
SSRF, a flaw that enables attackers to trick a server into making unauthorized requests to internal or external systems, cannot by itself allow code execution. In this particular case, however, Macdonald created a proof of concept to show how this pre-authenticated SSRF can be escalated to allow RCE.
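
The control the researcher's quote says was missing, filtering the hosts a server-initiated request may reach, can be sketched as below. This is an added example, not Commvault's or watchTowr's code; `check_destination`, the allowlisted hostnames and the `fake_resolver` DNS answers are hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: the only hosts this server may fetch from (hypothetical names).
ALLOWED_HOSTS = {"updates.example.com", "cache.example.com"}

def _is_internal(ip: str) -> bool:
    """True for loopback, private, link-local, multicast or other non-global IPs."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it cannot bypass the check.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return (not addr.is_global) or addr.is_multicast

def check_destination(url, resolver=socket.getaddrinfo):
    """Return (True, ip_to_connect_to) or (False, reason) for an outbound fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme not allowed"
    # .hostname drops any userinfo, so "allowed@evil" is judged by the real host.
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    try:
        infos = resolver(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False, "resolution failed"
    ips = sorted({info[4][0] for info in infos})
    if not ips or any(_is_internal(ip) for ip in ips):
        return False, "resolves to internal address"
    # Connect to this exact IP; resolving again later would allow DNS rebinding.
    return True, ips[0]

def fake_resolver(host, port, proto=0):
    """Constructed DNS answers so the example runs offline."""
    table = {"updates.example.com": "93.184.216.34",
             "cache.example.com": "10.0.0.5"}
    if host not in table:
        raise socket.gaierror("unknown host")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (table[host], port))]

if __name__ == "__main__":
    for u in ("https://updates.example.com/pkg.zip",
              "https://cache.example.com/pkg.zip",
              "https://updates.example.com@169.254.169.254/latest"):
        print(u, "->", check_destination(u, fake_resolver))
```

The allowlist alone is not enough: an allowlisted name that resolves to an internal address is still rejected, and the caller should connect to the returned IP rather than resolve the name a second time.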