Lucene search
HackeroneVULNRICHMENT:CVE-2024-38650HistorySep 07, 2024 - 4:11 p.m.
CVE-2024-38650
2024-09-0716:11:22
hackerone
github.com
4
authentication bypass
vspc server
ntlm hash
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:*"
],
"vendor": "veeam",
"product": "service_provider_console",
"versions": [
{
"status": "affected",
"version": "8",
"versionType": "semver",
"lessThanOrEqual": "8.0.0.19552"
}
],
"defaultStatus": "unaffected"
}
]References
Related
nvd
nvd
CVE-2024-38650
2024-09-07 17:15:12
cve
cve
CVE-2024-38650
2024-09-07 17:15:12
cvelist
cvelist
CVE-2024-38650
2024-09-07 16:11:22
thn
thn
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
2024-09-05 16:05:00
veeam
veeam
Veeam Security Bulletin (September 2024)
2024-09-04 00:00:00
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-38650