CVE-2024-38651

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38651
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

8.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.veeam.com/kb4649
Configurations

No configuration.

History

09 Sep 2024, 17:35

Type Values Removed Values Added
CWE CWE-94

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de inyección de código puede permitir que un usuario con pocos privilegios sobrescriba archivos en ese servidor VSPC, lo que puede provocar la ejecución remota de código en el servidor VSPC.

07 Sep 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-07 17:15

Updated : 2024-09-09 17:35

NVD link : CVE-2024-38651

Mitre link : CVE-2024-38651

CVE.ORG link : CVE-2024-38651

JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')