Home > Security Bulletins > Veeam Service Provider Remote Code Execution (CVE-2024-29212)

Veeam Service Provider Remote Code Execution (CVE-2024-29212)

data classification organizer

8th May 2024


Veeam has confirmed a remote code execution vulnerability in Veeam Service Provider Console.

CVE-2024-29212 (CVSS: 8.8 [High]) is caused by an unsafe deserialization method used by the Veeam Service Provider Console server in communication between the management agent and its components. Under certain conditions, remote code execution is possible on the server.

Veeam Service Provider Console is used by Managed Service Providers and companies for backup and disaster recovery services.

The vulnerability was discovered during internal testing by Veeam and patches have been released. We hope this means that the impact will be negligible.

Affected Products

Versions 4.x, 5.x, 6.x, 7.x and 8.x are affected.


Veeam Service Provider Console

Veeam Service Provider Console

We recommend any users not on 7.0/8.0 to upgrade immediately as it appears that previous versions will not be patched.