A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 29 Oct 2024 22:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 18 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup \& Replication
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup \& Replication
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 18 Oct 2024 04:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-10-17'}


Thu, 17 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-10-17'}


Thu, 17 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-10-17'}


Thu, 17 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup \& Replication
Weaknesses CWE-502
CPEs cpe:2.3:a:veeam:backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam
Veeam backup \& Replication
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 07 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-07-30T01:36:33.808Z

Reserved: 2024-07-09T01:04:07.425Z

Link: CVE-2024-40711

cve-icon Vulnrichment

Updated: 2024-09-09T15:11:22.876Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-07T17:15:13.260

Modified: 2024-12-20T16:35:59.103

Link: CVE-2024-40711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.