CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42451

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.3%

CVSS Severity

CVSS v3 Score 7.7

References

https://www.veeam.com/kb4693

Products affected by CVE-2024-42451

Veeam » Veeam Backup & Replication » Version: 12.0.0.1420

cpe:2.3:a:veeam:veeam_backup_&_replication:12.0.0.1420
Veeam » Veeam Backup & Replication » Version: 12.1.0.2131

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.0.2131
Veeam » Veeam Backup & Replication » Version: 12.1.1.56

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.1.56
Veeam » Veeam Backup & Replication » Version: 12.1.2.172

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.2.172
Veeam » Veeam Backup & Replication » Version: 12.2.0.334

cpe:2.3:a:veeam:veeam_backup_&_replication:12.2.0.334

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42451

Products

Pricing

Contact Us