Improper Access Control Exposes Saved Credentials to Attackers
CVE-2024-42021

6.5MEDIUM

Key Information:

Vendor

Veeam
Status
One
Vendor
CVE Published:
7 September 2024

What is CVE-2024-42021?

An improper access control vulnerability exists in Veeam Backup and Replication, which can be exploited by an attacker possessing valid access tokens. This vulnerability permits unauthorized access to saved credentials, potentially compromising sensitive information. It is essential for users of Veeam Backup and Replication to assess their security measures and ensure adequate protections are in place to mitigate potential risks associated with this vulnerability.

Affected Version(s)

One 12.1

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-42021 : Improper Access Control Exposes Saved Credentials to Attackers