CVE-2024-29212

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Configurations

No configuration.

History

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://www.veeam.com/kb4575 - () https://www.veeam.com/kb4575 -

03 Jul 2024, 01:52

Type Values Removed Values Added
Summary
  • (es) Debido a un método de deserialización inseguro utilizado por el servidor Veeam Service Provider Console (VSPC) en la comunicación entre el agente de administración y sus componentes, bajo ciertas condiciones, es posible realizar la ejecución remota de código (RCE) en la máquina del servidor VSPC.
CWE CWE-502

14 May 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 15:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-29212

Mitre link : CVE-2024-29212

CVE.ORG link : CVE-2024-29212


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data