VDB

CVE-2024-38651

CVE-2024-38651 PUBLISHED CVSS 8.5 HIGH

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

EPSS 3.20% · 87.3th percentile

Risk Scores

CVSS 3.0
8.5
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
3.20%
87.3th percentile

Affected Products

VendorProductVersions
VeeamVeeam Service Provider Console8, 8
veeamservice_provider_console8, 8

Timeline

  • Sep 5, 2024 CVE Published
  • Sep 7, 2024 PoC Published
  • Sep 8, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 18, 2024 EPSS Score
  • Nov 7, 2024 EPSS Score
  • Dec 18, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
  • Feb 15, 2025 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›