{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-29212","assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","state":"PUBLISHED","assignerShortName":"hackerone","dateReserved":"2024-03-19T01:04:06.323Z","datePublished":"2024-05-13T01:07:49.112Z","dateUpdated":"2024-08-02T01:10:54.643Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"Due to an  unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine."}],"affected":[{"defaultStatus":"unaffected","vendor":"Veeam","product":"Service Provider Console","versions":[{"version":"8","status":"affected","lessThanOrEqual":"8","versionType":"semver"},{"version":"7","status":"affected","lessThanOrEqual":"7","versionType":"semver"}]}],"references":[{"url":"https://www.veeam.com/kb4575"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL"}}],"providerMetadata":{"orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone","dateUpdated":"2024-05-13T01:07:49.112Z"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-29212","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-13T11:57:03.814114Z"}}}],"affected":[{"cpes":["cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:*"],"vendor":"veeam","product":"service_provider_console","versions":[{"status":"affected","version":"7"},{"status":"affected","version":"8"}],"defaultStatus":"unknown"}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data"}]}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:58:16.449Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T01:10:54.643Z"},"title":"CVE Program Container","references":[{"url":"https://www.veeam.com/kb4575","tags":["x_transferred"]}]}]}}