5 results (0.002 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. • https://www.veeam.com/kb4649 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. Debido a un método de deserialización inseguro utilizado por el servidor Veeam Service Provider Console (VSPC) en la comunicación entre el agente de administración y sus componentes, bajo ciertas condiciones, es posible realizar la ejecución remota de código (RCE) en la máquina del servidor VSPC. • https://www.veeam.com/kb4575 • CWE-502: Deserialization of Untrusted Data •