Filtered by vendor Veeam
Total: 53 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40710 | 1 Veeam | 1 Backup & Replication | 2024-09-09 | N/A |
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | ||||
CVE-2024-39714 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. | ||||
CVE-2024-38651 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. | ||||
CVE-2024-40712 | 1 Veeam | 1 Backup & Replication | 2024-09-09 | N/A |
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | ||||
CVE-2024-39715 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. | ||||
CVE-2024-42022 | 1 Veeam | 1 One | 2024-09-09 | N/A |
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | ||||
CVE-2024-40713 | 1 Veeam | 1 Backup & Replication | 2024-09-09 | N/A |
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | ||||
CVE-2024-42024 | 1 Veeam | 1 One | 2024-09-09 | N/A |
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. | ||||
CVE-2024-42023 | 1 Veeam | 1 One | 2024-09-09 | N/A |
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | ||||
CVE-2024-42021 | 1 Veeam | 1 One | 2024-09-09 | N/A |
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | ||||
CVE-2024-40718 | 1 Veeam | 2 Backup For Nutanix Ahv, Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization | 2024-09-09 | N/A |
A server-side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. | ||||
CVE-2024-40714 | 1 Veeam | 1 Backup & Replication | 2024-09-09 | N/A |
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | ||||
CVE-2024-38650 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
An authentication bypass vulnerability can allow a low-privileged attacker to access the NTLM hash of the service account on the VSPC server. |