{"id":"CVE-2024-40711","details":"A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).","modified":"2026-04-10T05:15:29.534937Z","published":"2024-09-07T17:15:13.260Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40711"},{"type":"ADVISORY","url":"https://www.veeam.com/kb4649"},{"type":"EVIDENCE","url":"https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"12.0.0.1420"},{"fixed":"12.2.0.334"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40711.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}