CVE-2024-42449 HIGH

CVE-2024-42449

Vendor Veeam
Product Service Provider Console
Published December 4, 2024
Last update March 13, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.

Key dates

02Disclosure timeline

December 4, 2024 CVE published
March 13, 2025 Record updated