Veeam Service Provider Console vulnerabilities
6 known vulnerabilities affecting veeam/veeam_service_provider_console.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2024-38650 | P2 | CRITICAL | CWE-200 | CVSS 9.9 | ≥ 8, ≤ 8 | 2024-09-07
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of the service account on the VSPC server.
nvd
CVE-2024-39714 | P2 | CRITICAL | CWE-94 | CVSS 9.9 | ≥ 8, ≤ 8 | 2024-09-07
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on the VSPC server.
nvd
CVE-2024-29212 | P2 | CRITICAL | CWE-502 | CVSS 9.9 | fixed in 7.0.0.19551 | ≥ 8.0.0.18054, < 8.0.0.19552 | 2024-05-14
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
nvd
CVE-2024-39715 | P2 | HIGH | CWE-94 | CVSS 8.5 | ≥ 8, ≤ 8 | 2024-09-07
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using the REST API, leading to remote code execution on the VSPC server.
nvd
CVE-2024-38651 | P3 | HIGH | CWE-94 | CVSS 8.5 | ≥ 8, ≤ 8 | 2024-09-07
A code injection vulnerability can allow a low-privileged user to overwrite files on the VSPC server, which can lead to remote code execution on the VSPC server.
nvd
CVE-2024-45206 | P3 | MEDIUM | CWE-918 | CVSS 6.5 | ≥ 7.0.0.12777, < 8.1.0.21377 | 2024-12-04
A vulnerability in Veeam Service Provider Console has been identified, which allows performing arbitrary HTTP requests to arbitrary hosts of the network and getting information about internal resources.
nvd