Modification of Product Configuration Files via Incorrect Permission Assignment
CVE-2024-42022

7.5HIGH

Key Information:

Vendor: Veeam
Status: One
Vendor: CVE Published:; 7 September 2024

Summary

An incorrect permission assignment vulnerability has been identified in Veeam Software's Backup and Replication product, which could potentially allow an unauthorized attacker to alter critical product configuration files. This flaw may lead to unauthorized access and manipulation of backup settings, impacting the integrity and security of data management operations. It is essential for users of affected versions to evaluate their systems and implement security best practices.

Affected Version(s)

One 12.1

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 7, 2024
Vulnerability Reserved
Jul 27, 2024