CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

CVE-2024-42457

CVE-2024-42457 concerns Veeam Backup & Replication. Reported vulnerabilities allow users with limited operator roles to expose saved credentials via the product’s remote management interface, by abusing a session object that enables credential enumeration and exploitation. The attack is facilitat...

PT-2024-9525 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A vulnerability in the remote management interface of Veeam Backup & Replication allows users with certain operator roles to expose saved credentials. This can be achieve...

Foundation Treasury initialize() function can be called by an attacker first

Lines of code Vulnerability details Impact In FoundationTreasury.sol the initialize function can only be called once setting the admin and operator roles which are used in other contracts. The problem is that this initialize function is not called in any deployment script which means an attacker...