CVE-2024-45206

Name: CVE-2024-45206
Creator: NVD / NIST
Published: 2024-12-04T02:15:05.427+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.24%

Last modified Jun 17, 2026

CVE-2024-45206 is a vulnerability of currently unknown severity. A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.

Metrics

EPSS Probability

0.24%

14.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-918

Affected Software

Vendor	Product	Versions
Veeam	Veeam Service Provider Console	>= 7.0.0.12777, < 8.1.0.21377

References

https://www.veeam.com/kb4649Vendor Advisory

Timeline

Published: Dec 4, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-45206?

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.

How severe is CVE-2024-45206?

Severity scoring for CVE-2024-45206 is pending analysis. The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.

How do I fix CVE-2024-45206?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-45206?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST