Veeam Service Provider Console
Approved changes feed: RSS · Atom
cpe:2.3:a:veeam:veeam_service_provider_console:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Veeam (203dc226-d9ed-503f-8231-d4e4e702036f) |
|---|---|
| Product | Veeam Service Provider Console (c5c0b2ce-a6e4-5d54-a8c6-3edf2aba9594) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-45206 |
vulnerable | 2026-06-03 14:56:49.114610 |
Details available
MEDIUM (6.5)
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
Published: 2024-12-04T01:06:04.650Z
Updated: 2025-03-13T18:36:04.573Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39715 |
vulnerable | 2026-06-03 14:56:22.272314 |
Details available
HIGH (8.5)
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
Published: 2024-09-07T16:11:22.204Z
Updated: 2024-09-09T15:15:08.789Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39714 |
vulnerable | 2026-06-03 14:56:22.272004 |
Details available
CRITICAL (9.9)
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
Published: 2024-09-07T16:11:22.188Z
Updated: 2024-09-09T16:23:20.600Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38651 |
vulnerable | 2026-06-03 14:56:19.212082 |
Details available
HIGH (8.5)
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
Published: 2024-09-07T16:11:22.198Z
Updated: 2024-09-09T16:20:59.132Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38650 |
vulnerable | 2026-06-03 14:56:19.211697 |
Details available
CRITICAL (9.9)
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
Published: 2024-09-07T16:11:22.353Z
Updated: 2024-09-09T13:29:12.838Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29212 |
vulnerable | 2026-06-03 14:55:27.110039 |
Details available
CRITICAL (9.9)
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Published: 2024-05-13T01:07:49.112Z
Updated: 2024-08-02T01:10:54.643Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.