CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38650
https://notcve.org/view.php?id=CVE-2024-38650
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. • https://www.veeam.com/kb4649 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42021
https://notcve.org/view.php?id=CVE-2024-42021
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40718
https://notcve.org/view.php?id=CVE-2024-40718
A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. • https://www.veeam.com/kb4649 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42023
https://notcve.org/view.php?id=CVE-2024-42023
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40714
https://notcve.org/view.php?id=CVE-2024-40714
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. • https://www.veeam.com/kb4649 • CWE-295: Improper Certificate Validation •