216.73.217.80

CVE-2024-42451

· Published 04/12/2024 02:15 · Modified 04/12/2024 15:15

Labels: CVE-2024-42451 2024-12-04CVE-2024-42451CWE-312[email protected]

Essential information

Published
04/12/2024 02:15
Modified
04/12/2024 15:15
Author
Creator
CVSS
7.7 HIGH (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS metrics

Description

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References