A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.
                
References
| Link | Providers |
|---|---|
| https://www.veeam.com/kb4693 | |
History
Thu, 24 Apr 2025 17:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Veeam Veeam veeam Backup \& Replication | |
| CPEs | cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:* | |
| Vendors & Products | Veeam Veeam veeam Backup \& Replication | |
| Metrics | cvssV3_1 | |
Wed, 04 Dec 2024 15:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-862 | |
| Metrics | ssvc | |
Wed, 04 Dec 2024 01:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services. | |
| References |  | |
| Metrics | cvssV3_0 | |
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-12-04T01:06:04.668Z
Updated: 2024-12-04T14:54:37.763Z
Reserved: 2024-08-02T01:04:07.985Z
Link: CVE-2024-42453
Vulnrichment
Updated: 2024-12-04T14:54:34.464Z
NVD
Status: Analyzed
Published: 2024-12-04T02:15:04.837
Modified: 2025-04-24T17:11:34.860
Link: CVE-2024-42453
Redhat
No data.