Description
Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 7.0.0.19551 (excluding)
Version from 8.0.0.18054 (including) to 8.0.0.19552 (excluding)
One of
cpe:2.3:a:veeam:veeam_service_provider_console:*:*:*:*:*:*:*:*
cpe:2.3:a:veeam:veeam_service_provider_console:*:*:*:*:*:*:*:*
EPSS
Percentile: 96%
0.29663
Medium
9.9 Critical
CVSS3
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 9.9
github
more than 1 year ago
Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.