Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

2024-12-03 17:33

Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-enabled platform that allows enterprises to manage and monitor backup operations across their offices. It’s also used by service providers to deliver Backup-as-a-Service (BaaS) and Disaster Recovery-as-a-Service (DRaaS) services to customers. The solution uses management agents to interact with … More → The post Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) appeared first on Help Net Security.

News URL

https://www.helpnetsecurity.com/2024/12/03/vspc-vulnerabilities-cve-2024-42448-cve-2024-42449/

#console #CVE #veeam #CVE-2024-42448 #CVE-2024-42449

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-12	CVE-2024-42448	From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.	0.0
2024-12-04	CVE-2024-42449	From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Veeam		11	0	8	9	7	24

News URL

Related news

Related Vulnerability

Related vendor