A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.
References
History

Wed, 04 Dec 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-312, CWE-863 |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 04 Dec 2024 01:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. |
| References | | |
| Metrics | | cvssV3_0 {'score': 7.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-12-04T01:06:04.677Z

Updated: 2024-12-04T14:53:46.665Z

Reserved: 2024-08-02T01:04:07.984Z

Link: CVE-2024-42451

Vulnrichment

Updated: 2024-12-04T14:53:13.868Z

NVD

Status: Received

Published: 2024-12-04T02:15:04.643

Modified: 2024-12-04T15:15:11.273

Link: CVE-2024-42451

Redhat

No data.