Description

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. Successful exploitation lets the attacker delete any file on the system with the privileges of the service account. The vulnerability is caused by an insufficient blacklist during the deserialization process.

INFO

Published Date: 2024-12-04T01:06:04.626Z

Last Modified: 2024-12-05T10:59:46.913Z

Source: hackerone

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-42455 vulnerability.

Vendor: Veeam
Products:
  • Backup And Replication
  • Veeam Backup & Replication

REFERENCES

Here, you will find a curated list of external links that provide in-depth information on CVE-2024-42455.

CVSS Vulnerability Scoring System

Detailed values of each vector for the above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact