Veeam Reporter Service NTLM Hash Exposure via User Interaction
CVE-2024-42019 Published on September 7, 2024
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2024-42019 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2024-42019
Want to know whenever a new CVE is published for Veeam One? stack.watch will email you.
Affected Versions
Veeam One:- Version 12.1, <= 12.1 is affected.
- Version 12, <= 12.1.0.3208 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.