CVE-2024-42451

EPSS 0.06%
Veröffentlicht 04.12.2024 02:15:04
Zuletzt bearbeitet 24.04.2025 17:20:53
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.176

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
support@hackerone.com	7.7	3.1	4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.veeam.com/kb4693

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-42451

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42451

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42451

EUVD