Modification of Product Configuration Files via Incorrect Permission Assignment
CVE-2024-42022

5.3MEDIUM

Key Information:

Vendor

Veeam
Status
One
Vendor
CVE Published:
7 September 2024

What is CVE-2024-42022?

An incorrect permission assignment vulnerability has been identified in Veeam Software's Backup and Replication product, which could potentially allow an unauthorized attacker to alter critical product configuration files. This flaw may lead to unauthorized access and manipulation of backup settings, impacting the integrity and security of data management operations. It is essential for users of affected versions to evaluate their systems and implement security best practices.

Affected Version(s)

One 12.1

References

https://www.veeam.com/kb4649

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-42022 : Modification of Product Configuration Files via Incorrect Permission Assignment