4 results (0.005 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. • https://www.veeam.com/kb4649 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •