cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-42448,https://securityvulnerability.io/vulnerability/CVE-2024-42448,Remote Code Execution (RCE) Vulnerability in VSPC Management Agent,A remote code execution vulnerability exists in the VSPC management agent allowing an authorized agent on the server to execute arbitrary code on the VSPC server machine. This vulnerability can pose significant security risks by enabling unauthorized actions and data exposure on the affected systems.,Veeam,Service Provider Console,9.9,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-12T01:59:00.000Z,0
CVE-2024-42449,https://securityvulnerability.io/vulnerability/CVE-2024-42449,Arbitrary File Removal on VSPC Server,"A vulnerability within Veeam's VSPC management agent allows authorized management agents to execute unauthorized file deletions on the VSPC server. This capability poses significant security risks, as it can lead to data loss and server instability. Organizations utilizing Veeam solutions should assess their systems for this vulnerability to mitigate potential exploitation and ensure data integrity. Proper access controls and monitoring mechanisms are vital in defending against the unauthorized removal of critical files.",Veeam,Service Provider Console,7.1,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-38650,https://securityvulnerability.io/vulnerability/CVE-2024-38650,Authentication Bypass Vulnerability Affects NTLM Hash of Service Account on VSPC Server,"An authentication bypass vulnerability exists in the Veeam Service Provider Console that can be exploited by low privileged attackers. This flaw allows unauthorized access to critical information, specifically the NTLM hash of service accounts. If exploited, this vulnerability could enable attackers to escalate their privileges and compromise the security of the system.",Veeam,Veeam Service Provider Console,9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.353Z,0
CVE-2024-39715,https://securityvulnerability.io/vulnerability/CVE-2024-39715,Remote Code Execution Vulnerability in VSPC Server via REST API,"A code injection vulnerability exists in the VSPC server by Veeam, allowing low-privileged users with access to the REST API to upload arbitrary files. This flaw could enable an attacker to execute remote code on the VSPC server, potentially compromising the system and leading to unauthorized access or data manipulation. The vulnerability underscores the risks associated with insufficient input validation and access controls in REST API implementations.",Veeam,Veeam Service Provider Console,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.204Z,0
CVE-2024-38651,https://securityvulnerability.io/vulnerability/CVE-2024-38651,Low-Privileged Code Execution Vulnerability Affects VSPC Servers,"A code injection vulnerability exists within the Veeam Service Provider Console (VSPC) that allows low-privileged users to overwrite files. This flaw could be exploited to achieve remote code execution on the affected server, posing a significant security risk. The vulnerability underscores the importance of promptly applying security patches and maintaining strict user privilege controls.",Veeam,Veeam Service Provider Console,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.198Z,0
CVE-2024-39714,https://securityvulnerability.io/vulnerability/CVE-2024-39714,Arbitrary File Upload Vulnerability Affects VSPC Server,"A vulnerability exists within the VSPC server that allows a low-privileged user to execute a code injection attack by uploading arbitrary files to the server. This can lead to unauthorized remote code execution, posing significant security risks for affected systems. Proper safeguards and user permission management are essential to mitigate this vulnerability and protect the integrity of the VSPC server.",Veeam,Veeam Service Provider Console,9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.188Z,0
CVE-2024-29212,https://securityvulnerability.io/vulnerability/CVE-2024-29212,Veeam Service Provider Console (VSPC) Vulnerability: Remote Code Execution (RCE),"The Veeam Service Provider Console has a vulnerability, CVE-2024-29212, which allows for Remote Code Execution (RCE) due to an unsafe deserialization method. This vulnerability is rated as critical with a CVSS v3.1 Score of 9.9, and affects versions 4.0 to 8.0 of the Veeam Service Provider Console. The potential impact of this vulnerability is severe, and organizations are advised to patch their systems as soon as possible to prevent exploitation. There are no known exploits of this vulnerability in the wild, and it has not been linked to any ransomware groups.",Veeam,Service Provider Console,9.9,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-05-14T15:15:00.000Z,0