Improper Access Control Exposes Saved Credentials to Attackers
CVE-2024-42021
7.5HIGH
Summary
An improper access control vulnerability exists in Veeam Backup and Replication, which can be exploited by an attacker possessing valid access tokens. This vulnerability permits unauthorized access to saved credentials, potentially compromising sensitive information. It is essential for users of Veeam Backup and Replication to assess their security measures and ensure adequate protections are in place to mitigate potential risks associated with this vulnerability.
Affected Version(s)
One 12.1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved