{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T02:19:37.444","vulnerabilities":[{"cve":{"id":"CVE-2024-42456","sourceIdentifier":"support@hackerone.com","published":"2024-12-04T02:15:05.033","lastModified":"2025-04-24T17:09:48.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions."},{"lang":"es","value":"Una vulnerabilidad en la plataforma Veeam Backup &amp; Replication permite que un usuario con pocos privilegios y un rol específico aproveche un método que actualiza ajustes de configuración críticos, como modificar el certificado de cliente de confianza utilizado para la autenticación en un puerto específico. Esto puede generar un acceso no autorizado, lo que permite al usuario llamar a métodos privilegiados e iniciar servicios críticos. El problema surge debido a que no se cumplen los requisitos de permisos suficientes en el método, lo que permite que los usuarios con pocos privilegios realicen acciones que deberían requerir permisos de nivel superior."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0.1402","versionEndExcluding":"12.3.0.310","matchCriteriaId":"97D6D507-5200-44A1-9122-C3CF8660C1C7"}]}]}],"references":[{"url":"https://www.veeam.com/kb4693","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}}]}