Remote Code Execution Vulnerability in VSPC Server via REST API
CVE-2024-39715
8.5HIGH
Key Information:
- Vendor
Veeam
- Vendor
- CVE Published:
- 7 September 2024
What is CVE-2024-39715?
A code injection vulnerability exists in the VSPC server by Veeam, allowing low-privileged users with access to the REST API to upload arbitrary files. This flaw could enable an attacker to execute remote code on the VSPC server, potentially compromising the system and leading to unauthorized access or data manipulation. The vulnerability underscores the risks associated with insufficient input validation and access controls in REST API implementations.
Affected Version(s)
Veeam Service Provider Console 8