You are currently viewing Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

Veeam Service Provider Console Vulnerability ( CVE-2024-29212 )

For anyone running the Veeam Service Provider Console, v7 or v8, a vulnerability was detected and a patch released a few weeks ago. Today, the patch was rereleased with additional improvements added. If you’re running unpatched, or if you applied the original patch, it’s recommended to update to the latest release. Note that this vulnerability does not apply to Veeam Backup & Replication, Veeam Agent for Windows or Veeam ONE, and applies only to the Service Provider Console. More information is available at

Issue Details


Due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.

This vulnerability was detected during internal testing.

Severity: Critical
CVSS v3.1 Score: 9.9

Did you hear about the cat that ate a lemon?
(click to reveal the answer)
Now it’s a sour puss.

Leave a Reply