VYPR

Veeam Backup & Replication

by Veeam

CVEs (35)

  • CVE-2024-42457 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and…

  • CVE-2024-42452 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges.…

  • CVE-2024-40717 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.01

    A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed…

  • CVE-2024-42456 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result…

  • CVE-2024-42455 (Dec 4, 2024)
    risk 0.00 | cvss | epss 0.14

    A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service…

  • CVE-2024-40713 (Sep 7, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.

  • CVE-2024-40710 (Sep 7, 2024)
    risk 0.00 | cvss | epss 0.01

    A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a…

  • CVE-2024-42019 (Sep 7, 2024)
    risk 0.00 | cvss | epss 0.01

    A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

  • CVE-2024-29851 (May 22, 2024)
    risk 0.00 | cvss | epss 0.01

    Veeam Backup Enterprise Manager allows high-privileged users to steal the NTLM hash of the Enterprise Manager service account.

  • CVE-2024-29852 (May 22, 2024)
    risk 0.00 | cvss | epss 0.01

    Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.

  • CVE-2024-29850 (May 22, 2024)
    risk 0.00 | cvss | epss 0.01

    Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

  • CVE-2022-26504 (Mar 17, 2022)
    risk 0.00 | cvss | epss 0.02

    Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.

  • CVE-2021-35971 (Jun 30, 2021)
    risk 0.00 | cvss | epss 0.01

    Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.

  • CVE-2020-15518 (Jul 3, 2020)
    risk 0.00 | cvss | epss 0.01

    VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.

  • CVE-2015-5742 (Oct 16, 2015)
    risk 0.00 | cvss | epss 0.01

    VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
