CVE-2024-42448

Published: Dec 12, 2024Modified: Jun 17, 2026Deferred

9.9

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: support@hackerone.com (Secondary)

Description

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://www.veeam.com/kb4679

Source: support@hackerone.com

Timeline

No history available yet.