Filtered by vendor Veeam
Subscriptions
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-02-03 | 9.8 Critical |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2022-26500 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-02-03 | 8.8 High |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | ||||
| CVE-2023-27532 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-01-28 | 7.5 High |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | ||||
| CVE-2024-40711 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2024-12-20 | 9.8 Critical |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | ||||
| CVE-2024-42449 | 1 Veeam | 1 Service Provider Console | 2024-12-09 | N/A |
| From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | ||||
| CVE-2024-42455 | 1 Veeam | 1 Backup And Replication | 2024-12-05 | N/A |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | ||||
| CVE-2024-42456 | 1 Veeam | 1 Backup And Replication | 2024-12-04 | N/A |
| A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | ||||
| CVE-2024-40717 | 1 Veeam | 1 Backup And Replication | 2024-12-04 | N/A |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. | ||||
| CVE-2024-45207 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | ||||
| CVE-2024-42452 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise. | ||||
| CVE-2024-45206 | 1 Veeam | 1 Service Provider Console | 2024-12-04 | N/A |
| A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | ||||
| CVE-2024-29853 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | ||||
| CVE-2024-40709 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. | ||||
| CVE-2024-29852 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | ||||
| CVE-2024-29851 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | ||||
| CVE-2024-29850 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | ||||
| CVE-2024-29849 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | ||||
| CVE-2024-22022 | 1 Veeam | 1 Recovery Orchestrator | 2024-11-21 | 8.8 High |
| Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | ||||
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2024-11-21 | 4.3 Medium |
| Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | ||||
| CVE-2023-41723 | 1 Veeam | 1 One | 2024-11-21 | 4.3 Medium |
| A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | ||||