A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.veeam.com/kb4693 |
History
Wed, 04 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-312 CWE-863 |
|
Metrics |
ssvc
|
Wed, 04 Dec 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-12-04T01:06:04.677Z
Updated: 2024-12-04T14:53:46.665Z
Reserved: 2024-08-02T01:04:07.984Z
Link: CVE-2024-42451
Vulnrichment
Updated: 2024-12-04T14:53:13.868Z
NVD
Status : Received
Published: 2024-12-04T02:15:04.643
Modified: 2024-12-04T15:15:11.273
Link: CVE-2024-42451
Redhat
No data.