Description
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
References (1)
Core 1
Core References
Vendor Advisory
https://www.veeam.com/kb4649
Scores
CVSS v3
6.5
EPSS
0.0024
EPSS Percentile
14.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
veeam/veeam_service_provider_console
7.0.0.12777 - 8.1.0.21377
Published
Dec 04, 2024
Tracked Since
Feb 18, 2026