CVE-2024-42451

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.veeam.com/kb4693

Configurations

No configuration.

History

04 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-04 02:15

Updated : 2024-12-04 15:15

NVD link : CVE-2024-42451

Mitre link : CVE-2024-42451

CVE.ORG link : CVE-2024-42451

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-863

Incorrect Authorization

7.7 /10