CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.3%

CVSS Severity

CVSS v3 Score 7.1

References

https://www.veeam.com/kb4693

Products affected by CVE-2024-42455

Veeam » Veeam Backup & Replication » Version: 12.0.0.1420

cpe:2.3:a:veeam:veeam_backup_&_replication:12.0.0.1420
Veeam » Veeam Backup & Replication » Version: 12.1.0.2131

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.0.2131
Veeam » Veeam Backup & Replication » Version: 12.1.1.56

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.1.56
Veeam » Veeam Backup & Replication » Version: 12.1.2.172

cpe:2.3:a:veeam:veeam_backup_&_replication:12.1.2.172
Veeam » Veeam Backup & Replication » Version: 12.2.0.334

cpe:2.3:a:veeam:veeam_backup_&_replication:12.2.0.334

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-42455

Products

Pricing

Contact Us