CVEDB API

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.498

EPSS Ranking 97.7%

CVSS Severity

CVSS v3 Score 9.8

Proposed Action

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

Ransomware Campaign

Known

References

Products affected by CVE-2024-40711

Veeam » Veeam Backup & Replication » Version: 12.0.0.1420

cpe:2.3:a:veeam:veeam_backup_&_replication:12.0.0.1420
Veeam » Veeam Backup & Replication » Version: 12.1.0.2131

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.0.2131
Veeam » Veeam Backup & Replication » Version: 12.1.1.56

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.1.56
Veeam » Veeam Backup & Replication » Version: 12.1.2.172

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.2.172