Filtered by vendor Veeam Subscriptions
Filtered by product Service Provider Console Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-42449 1 Veeam 1 Service Provider Console 2024-12-09 N/A
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.
CVE-2024-45206 1 Veeam 1 Service Provider Console 2024-12-04 N/A
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
CVE-2024-39714 1 Veeam 1 Service Provider Console 2024-09-09 N/A
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
CVE-2024-38651 1 Veeam 1 Service Provider Console 2024-09-09 N/A
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
CVE-2024-39715 1 Veeam 1 Service Provider Console 2024-09-09 N/A
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
CVE-2024-38650 1 Veeam 1 Service Provider Console 2024-09-09 N/A
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.