{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T14:12:11.605","vulnerabilities":[{"cve":{"id":"CVE-2024-42457","sourceIdentifier":"support@hackerone.com","published":"2024-12-04T02:15:05.133","lastModified":"2025-04-24T17:08:34.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext."},{"lang":"es","value":"Una vulnerabilidad en Veeam Backup & Replication permite a los usuarios con determinados roles de operador exponer las credenciales guardadas aprovechando una combinación de métodos en una interfaz de gestión remota. Esto se puede lograr utilizando un objeto de sesión que permite la enumeración y explotación de credenciales, lo que lleva a la filtración de credenciales de texto sin formato a un host malicioso. El ataque se facilita mediante el uso indebido de un método que permite a los operadores agregar un nuevo host con una IP controlada por el atacante, lo que les permite recuperar credenciales confidenciales en texto plano."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0.1402","versionEndExcluding":"12.3.0.310","matchCriteriaId":"97D6D507-5200-44A1-9122-C3CF8660C1C7"}]}]}],"references":[{"url":"https://www.veeam.com/kb4693","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}}]}