CVE-2024-29212

critical

Veeam

CVSS v3 Base Score

9.9

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: May 14, 2024 (730 days ago)

Last Modified: June 30, 2025

Vendor: Veeam

Source: NVD

Description

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

References

🔗 www.veeam.com 🔗 www.veeam.com

CVE-2024-29212

Vulnerability Report

Description

References