Veeam

All CVEs

81 total · sorted by risk
  • CVE-2024-40715 · Nov 7, 2024
    risk 0.00 cvss epss 0.01

    A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.

  • CVE-2024-42024 · Sep 7, 2024
    risk 0.00 cvss epss 0.01

    A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

  • CVE-2024-40713 · Sep 7, 2024
    risk 0.00 cvss epss 0.00

    A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.

  • CVE-2024-40710 · Sep 7, 2024
    risk 0.00 cvss epss 0.01

    A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a…

  • CVE-2024-42019 · Sep 7, 2024
    risk 0.00 cvss epss 0.01

    A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

  • CVE-2024-29851 · May 22, 2024
    risk 0.00 cvss epss 0.01

    Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

  • CVE-2024-29853 · May 22, 2024
    risk 0.00 cvss epss 0.00

    An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

  • CVE-2024-29852 · May 22, 2024
    risk 0.00 cvss epss 0.01

    Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.

  • CVE-2024-29850 · May 22, 2024
    risk 0.00 cvss epss 0.01

    Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

  • CVE-2024-22022 · Feb 7, 2024
    risk 0.00 cvss epss 0.01

    Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

  • CVE-2024-22021 · Feb 7, 2024
    risk 0.00 cvss epss 0.00

    Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

  • CVE-2023-38548 · Nov 7, 2023
    risk 0.00 cvss epss 0.12

    A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

  • CVE-2023-38549 · Nov 7, 2023
    risk 0.00 cvss epss 0.19

    A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a…

  • CVE-2023-41723 · Nov 7, 2023
    risk 0.00 cvss epss 0.12

    A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.

  • CVE-2023-28142 · Apr 18, 2023
    risk 0.00 cvss epss 0.00

    A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM…

  • CVE-2023-28141 · Apr 18, 2023
    risk 0.00 cvss epss 0.00

    An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or…

  • CVE-2023-0975 · Apr 3, 2023
    risk 0.00 cvss epss 0.00

    A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.

  • CVE-2022-43549 · Dec 5, 2022
    risk 0.00 cvss epss 0.01

    Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.

  • CVE-2022-32225 · Jul 14, 2022
    risk 0.00 cvss epss 0.00

    A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for…

  • CVE-2022-26504 · Mar 17, 2022
    risk 0.00 cvss epss 0.02

    Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.

  • CVE-2022-26503 · Mar 17, 2022
    risk 0.00 cvss epss 0.01

    Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

  • CVE-2021-31836 · Sep 22, 2021
    risk 0.00 cvss epss 0.00

    Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.

  • CVE-2021-31847 · Sep 22, 2021
    risk 0.00 cvss epss 0.00

    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as…

  • CVE-2021-31841 · Sep 22, 2021
    risk 0.00 cvss epss 0.00

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the…

  • CVE-2021-35971 · Jun 30, 2021
    risk 0.00 cvss epss 0.01

    Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.

  • CVE-2021-31840 · Jun 10, 2021
    risk 0.00 cvss epss 0.00

    A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to…

  • CVE-2021-25688 · Feb 11, 2021
    risk 0.00 cvss epss 0.00

    Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.

  • CVE-2020-15518 · Jul 3, 2020
    risk 0.00 cvss epss 0.01

    VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.

  • CVE-2019-14298 · Jul 27, 2019
    risk 0.00 cvss epss 0.01

    Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.

  • CVE-2019-14297 · Jul 27, 2019
    risk 0.00 cvss epss 0.01

    Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.

  • CVE-2015-5742 · Oct 16, 2015
    risk 0.00 cvss epss 0.01

    VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
