CVE-2024-42021
https://notcve.org/view.php?id=CVE-2024-42021
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVE-2024-42023
https://notcve.org/view.php?id=CVE-2024-42023
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVE-2024-42024
https://notcve.org/view.php?id=CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. • https://www.veeam.com/kb4649 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-42022
https://notcve.org/view.php?id=CVE-2024-42022
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVE-2024-42020
https://notcve.org/view.php?id=CVE-2024-42020
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. • https://www.veeam.com/kb4649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •