Skip to main content

Veeam Service Provider Console

2 CVEs product

Monthly

CVE-2024-45206 MEDIUM This Month

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Veeam Service Provider Console
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2024-29212 CRITICAL Act Now

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Veeam Service Provider Console
NVD
CVSS 3.0
9.9
EPSS
1.6%
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Veeam Service Provider Console
NVD
EPSS 2% CVSS 9.9
CRITICAL Act Now

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Veeam Service Provider Console
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy