CVE-2024-42451

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-312
View all →

Vulnerability Description

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

Related Vulnerabilities

CVE-2021-1265

HIGH
CVSS:7.7(High)

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of manag...

CWE-3122021

CVE-2024-25661

HIGH
CVSS:7.7(High)

In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain var...

CWE-3122024

CVE-2008-6828

HIGH
CVSS:7.8(High)

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of t...

CWE-3122008

CVE-2017-1309

HIGH
CVSS:7.8(High)

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.

CWE-3122017

CVE-2018-12572

HIGH
CVSS:7.8(High)

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the...

CWE-3122018

CVE-2018-1877

HIGH
CVSS:7.8(High)

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713...

CWE-3122018