{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38651", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-06-19T01:04:07.137Z", "datePublished": "2024-09-07T16:11:22.198Z", "dateUpdated": "2024-09-09T16:20:59.132Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Veeam Service Provider Console", "versions": [{"version": "8", "status": "affected", "lessThanOrEqual": "8", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4649"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-09-07T16:11:22.198Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "veeam", "product": "service_provider_console", "cpes": ["cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "8", "status": "affected", "lessThanOrEqual": "8.0.0.19552", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T16:19:56.829824Z", "id": "CVE-2024-38651", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T16:20:59.132Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38651", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-09T16:19:56.829824Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:*"], "vendor": "veeam", "product": "service_provider_console", "versions": [{"status": "affected", "version": "8", "versionType": "semver", "lessThanOrEqual": "8.0.0.19552"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T16:20:08.583Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Veeam", "product": "Veeam Service Provider Console", "versions": [{"status": "affected", "version": "8", "versionType": "semver", "lessThanOrEqual": "8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4649"}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-09-07T16:11:22.198Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38651", "state": "PUBLISHED", "dateUpdated": "2024-09-09T16:20:59.132Z", "dateReserved": "2024-06-19T01:04:07.137Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-09-07T16:11:22.198Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo puede permitir que un usuario con pocos privilegios sobrescriba archivos en ese servidor VSPC, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo en el servidor VSPC."}], "id": "CVE-2024-38651", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-09-07T17:15:12.347", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4649"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}