Issue Details
CVE-2024-29212
Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
This vulnerability was detected during internal testing.
Severity: CriticalCVSS v3.1 Score: 9.9CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Solution
The vulnerability documented in this article was fixed starting in the following builds of Veeam Service Provider Console:
