PT-2024-6331 · Veeam · Veeam Service Provider Console
Published
2024-09-04
·
Updated
2024-10-19
·
CVE-2024-38651
CVSS v3.1
8.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Veeam Service Provider Console (VSPC) (affected versions not specified)
Description
A code injection vulnerability can allow a low-privileged user to overwrite files on the VSPC server, which can lead to remote code execution on the VSPC server. The vulnerability is related to incorrect code generation management in the VSPC server's backup and recovery software for remote and cloud clients.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Veeam Service Provider Console