Filtered by vendor Veeam Subscriptions
Filtered by product Service Provider Console Subscriptions

Search

Switch to Advanced Search (Beta)
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45206 1 Veeam 2 Service Provider Console, Veeam Service Provider Console 2025-07-02 N/A
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
CVE-2024-42449 1 Veeam 1 Service Provider Console 2025-03-13 N/A
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.
CVE-2024-42448 1 Veeam 1 Service Provider Console 2024-12-12 N/A
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVE-2024-39714 1 Veeam 1 Service Provider Console 2024-09-09 N/A
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
CVE-2024-38651 1 Veeam 1 Service Provider Console 2024-09-09 N/A
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
CVE-2024-39715 1 Veeam 1 Service Provider Console 2024-09-09 N/A
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
CVE-2024-38650 1 Veeam 1 Service Provider Console 2024-09-09 N/A
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.