In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25780
Reference (s):
- http://kb.commvault.com/article/63264