Veeam service provider console
This hub aggregates every CVE we track for Veeam service provider console. Use it to gauge the current risk picture and drill into individual advisories.
other
6
CVEs tracked
3
Critical
2
High
0
In CISA KEV
Severity distribution
CRITICAL3HIGH2MEDIUM1
Monthly trend
0
4
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 6 most recently published vulnerabilities affecting Veeam service provider console.
- CVE-2024-45206A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.6.5
- CVE-2024-39715A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution ...8.5
- CVE-2024-39714A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.9.9
- CVE-2024-38651A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.8.5
- CVE-2024-38650An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.9.9
- CVE-2024-29212Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is p...9.9
Product normalization is registry-driven with AI assist and human review. How it works