{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42449", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-08-02T01:04:07.984Z", "datePublished": "2024-12-04T01:06:04.625Z", "dateUpdated": "2025-03-13T14:54:19.282Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Service Provider Console", "versions": [{"version": "8.1", "status": "affected", "lessThanOrEqual": "8.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4679"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-12-04T01:06:04.625Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "affected": [{"vendor": "veeam", "product": "service_provider_console", "cpes": ["cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.1.0.21377", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-05T04:55:08.781974Z", "id": "CVE-2024-42449", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T14:54:19.282Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42449", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-05T04:55:08.781974Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:*"], "vendor": "veeam", "product": "service_provider_console", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.1.0.21377"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-09T14:19:29.993Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}}], "affected": [{"vendor": "Veeam", "product": "Service Provider Console", "versions": [{"status": "affected", "version": "8.1", "versionType": "semver", "lessThanOrEqual": "8.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4679"}], "descriptions": [{"lang": "en", "value": "From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-12-04T01:06:04.625Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42449", "state": "PUBLISHED", "dateUpdated": "2025-03-13T14:54:19.282Z", "dateReserved": "2024-08-02T01:04:07.984Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-12-04T01:06:04.625Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine."}, {"lang": "es", "value": " Desde la m\u00e1quina del agente de administraci\u00f3n de VSPC, siempre que el agente de administraci\u00f3n est\u00e9 autorizado en el servidor, es posible eliminar archivos arbitrarios en la m\u00e1quina del servidor de VSPC."}], "id": "CVE-2024-42449", "lastModified": "2025-03-13T15:15:47.283", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-12-04T02:15:04.533", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4679"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}