Vendor
Veeam
Products
3
CVEs
9
Across products
9
Status
Private
Products
3- 5 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21669 | Cri | 0.64 | 9.9 | 0.00 | Mar 12, 2026 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | |
| CVE-2026-21671 | Cri | 0.59 | 9.1 | 0.00 | Mar 12, 2026 | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | |
| CVE-2026-21668 | Hig | 0.57 | 8.8 | 0.00 | Mar 12, 2026 | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | |
| CVE-2026-21670 | Hig | 0.50 | 7.7 | 0.00 | Mar 12, 2026 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |
| CVE-2024-29212 | 0.02 | — | 0.30 | May 13, 2024 | Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | ||
| CVE-2024-45207 | 0.00 | — | 0.00 | Dec 4, 2024 | DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | ||
| CVE-2024-45206 | 0.00 | — | 0.00 | Dec 4, 2024 | A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | ||
| CVE-2024-29853 | 0.00 | — | 0.00 | May 22, 2024 | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | ||
| CVE-2015-5742 | 0.00 | — | 0.00 | Oct 16, 2015 | VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files. |