PT-2024-9472 · Veeam · Veeam Backup & Replication

Sina Kheirkhah · Published 2024-08-02 · Updated 2024-12-05

CVE-2024-42455

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication (affected versions not specified)
Description: The issue stems from insecure deserialization in Veeam Backup & Replication. A low-privileged user who can connect to the product's remoting services can send a serialized temporary file collection; when the service deserializes it, the attacker is able to delete any file on the system with service account privileges. The root cause is an insufficient blacklist applied during the deserialization process.
Recommendations: At the time of publication, no newer version containing a fix for this vulnerability has been announced.

Weakness Enumeration

Missing Authentication

Deserialization of Untrusted Data

Related Identifiers

BDU:2024-11172
CVE-2024-42455

Affected Products

Veeam Backup & Replication