How severe is CVE-2024-42449?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Veeam Service Provider Console

CVE-2024-42449

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H.

Affected products

Veeam Service Provider Console — versions 8.1

References

www.veeam.com/kb4679

Frequently asked questions

What is CVE-2024-42449?: CVE-2024-42449 is a high-severity vulnerability in Veeam Service Provider Console. CVSS score: 7.1/10. Published 2024-12-04.
How severe is CVE-2024-42449?: High severity. CVSS v3 base score is 7.1 out of 10.