Veeam Service Provider Console vulnerabilities
5 known vulnerabilities affecting veeam/service_provider_console.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-42448P1CRITICALCVSS 9.9ExploitedRansomware≥ 8.1, ≤ 8.12024-12-12
CVE-2024-42448 [CRITICAL] CWE-94 CVE-2024-42448: From the VSPC management agent machine, under condition that the management agent is authorized on t
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
nvd
CVE-2024-29212P2CRITICALCVSS 9.9≥ 8, ≤ 8≥ 7, ≤ 72024-05-14
CVE-2024-29212 [CRITICAL] CWE-502 CVE-2024-29212: Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
nvd
CVE-2026-32998P2CRITICALCVSS 9.4≥ 9, ≤ 9.22026-05-28
CVE-2026-32998 [CRITICAL] CWE-233 CVE-2026-32998: This vulnerability in Veeam Service Provider Console allows for remote code execution.
This vulnerability in Veeam Service Provider Console allows for remote code execution.
nvd
CVE-2024-42449P3HIGHCVSS 7.1≥ 8.1, ≤ 8.12024-12-04
CVE-2024-42449 [HIGH] CWE-732 CVE-2024-42449: From the VSPC management agent machine, under condition that the management agent is authorized on t
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.
nvd
CVE-2024-45206P3MEDIUMCVSS 6.5≥ 8.0, ≤ 8.02024-12-04
CVE-2024-45206 [MEDIUM] CWE-918 CVE-2024-45206: A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbit
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
nvd