Improper Access Control Exposes Saved Credentials to Attackers
CVE-2024-42021

7.5HIGH

Key Information:

Vendor
Veeam
Status
Vendor
CVE Published:
7 September 2024

Summary

An improper access control vulnerability exists in Veeam Backup and Replication, which can be exploited by an attacker possessing valid access tokens. This vulnerability permits unauthorized access to saved credentials, potentially compromising sensitive information. It is essential for users of Veeam Backup and Replication to assess their security measures and ensure adequate protections are in place to mitigate potential risks associated with this vulnerability.

Affected Version(s)

One 12.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.