A Vulnerability in 7-Zip Might Allow Arbitrary Code Execution (CVE-2018-10115)
Article ID: SEC0015 A Vulnerability in 7-Zip Might Allow Arbitrary Code Execution (CVE-2018-10115)
CVE-2018-10115 and MS-ISAC Advisory number 2018-049 report a vulnerability in 7-Zip 18.03 and earlier versions. (7-Zip is a free and open-source file archiver.) The vulnerability might allow remote hackers to execute arbitrary code when data is extracted from RAR files.
Commvault software does use 7-Zip binaries. However, Commvault software does not use RAR compression, and does not allow remote execution of the 7-Zip binaries.
All versions of Commvault V10 and V11 are unaffected by this vulnerability.