Vendor CVEs
Veeam
All CVEs
81 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40715 | | | 0.00 | — | 0.01 | | Nov 7, 2024 | A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. |
| CVE-2024-42024 | | | 0.00 | — | 0.01 | | Sep 7, 2024 | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. |
| CVE-2024-40713 | | | 0.00 | — | 0.00 | | Sep 7, 2024 | A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. |
| CVE-2024-40710 | | | 0.00 | — | 0.01 | | Sep 7, 2024 | A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a… |
| CVE-2024-42019 | | | 0.00 | — | 0.01 | | Sep 7, 2024 | A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. |
| CVE-2024-29851 | | | 0.00 | — | 0.01 | | May 22, 2024 | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. |
| CVE-2024-29853 | | | 0.00 | — | 0.00 | | May 22, 2024 | An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. |
| CVE-2024-29852 | | | 0.00 | — | 0.01 | | May 22, 2024 | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. |
| CVE-2024-29850 | | | 0.00 | — | 0.01 | | May 22, 2024 | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. |
| CVE-2024-22022 | | | 0.00 | — | 0.01 | | Feb 7, 2024 | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. |
| CVE-2024-22021 | | | 0.00 | — | 0.00 | | Feb 7, 2024 | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. |
| CVE-2023-38548 | | | 0.00 | — | 0.12 | | Nov 7, 2023 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. |
| CVE-2023-38549 | | | 0.00 | — | 0.19 | | Nov 7, 2023 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a… |
| CVE-2023-41723 | | | 0.00 | — | 0.12 | | Nov 7, 2023 | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. |
| CVE-2023-28142 | | | 0.00 | — | 0.00 | | Apr 18, 2023 | A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM… |
| CVE-2023-28141 | | | 0.00 | — | 0.00 | | Apr 18, 2023 | An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or… |
| CVE-2023-0975 | | | 0.00 | — | 0.00 | | Apr 3, 2023 | A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. |
| CVE-2022-43549 | | | 0.00 | — | 0.01 | | Dec 5, 2022 | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. |
| CVE-2022-32225 | | | 0.00 | — | 0.00 | | Jul 14, 2022 | A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for… |
| CVE-2022-26504 | | | 0.00 | — | 0.02 | | Mar 17, 2022 | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe |
| CVE-2022-26503 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. |
| CVE-2021-31836 | | | 0.00 | — | 0.00 | | Sep 22, 2021 | Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. |
| CVE-2021-31847 | | | 0.00 | — | 0.00 | | Sep 22, 2021 | Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as… |
| CVE-2021-31841 | | | 0.00 | — | 0.00 | | Sep 22, 2021 | A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the… |
| CVE-2021-35971 | | | 0.00 | — | 0.01 | | Jun 30, 2021 | Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. |
| CVE-2021-31840 | | | 0.00 | — | 0.00 | | Jun 10, 2021 | A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to… |
| CVE-2021-25688 | | | 0.00 | — | 0.00 | | Feb 11, 2021 | Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs. |
| CVE-2020-15518 | | | 0.00 | — | 0.01 | | Jul 3, 2020 | VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. |
| CVE-2019-14298 | | | 0.00 | — | 0.01 | | Jul 27, 2019 | Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. |
| CVE-2019-14297 | | | 0.00 | — | 0.01 | | Jul 27, 2019 | Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. |
| CVE-2015-5742 | | | 0.00 | — | 0.01 | | Oct 16, 2015 | VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files. |
Page 2 of 2