Veeam Service Provider Console@* Security Vulnerabilities and Issues — Veeam Service Provider Console@* CVE List

Lucene search

VeeamVeeam Service Provider Console*

6 matches found

CVE•added 2024/05/14 3:15 p.m.•114 views

CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

9.9CVSS7.4AI score0.22586EPSS

CVE•added 2024/09/07 5:15 p.m.•72 views

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.

8.5CVSS8.2AI score0.01251EPSS

CVE•added 2024/09/07 5:15 p.m.•57 views

CVE-2024-38650

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.

9.9CVSS7.1AI score0.00214EPSS

CVE•added 2024/09/07 5:15 p.m.•54 views

CVE-2024-39714

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.

9.9CVSS8.2AI score0.01251EPSS

CVE•added 2024/12/04 2:15 a.m.•44 views

CVE-2024-45206

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.

6.5CVSS7AI score0.00046EPSS

CVE•added 2024/09/07 5:15 p.m.•42 views

CVE-2024-38651

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

8.5CVSS8AI score0.01251EPSS