CVE-2024-29212

{"id": "CVE-2024-29212", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2024-05-14T15:15:43.623", "references": [{"url": "https://www.veeam.com/kb4575", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine."}, {"lang": "es", "value": "Debido a un m\u00e9todo de deserializaci\u00f3n inseguro utilizado por el servidor Veeam Service Provider Console (VSPC) en la comunicaci\u00f3n entre el agente de administraci\u00f3n y sus componentes, bajo ciertas condiciones, es posible realizar la ejecuci\u00f3n remota de c\u00f3digo (RCE) en la m\u00e1quina del servidor VSPC."}], "lastModified": "2024-07-03T01:52:20.207", "sourceIdentifier": "support@hackerone.com"}