Filtered by vendor Veeam
Subscriptions
Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43549 | 1 Veeam | 1 Veeam Backup For Google Cloud | 2025-04-24 | 9.8 Critical |
| Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | ||||
| CVE-2015-5742 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-12 | N/A |
| VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-04 | 9.8 Critical |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2022-26500 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-03 | 8.8 High |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | ||||
| CVE-2025-23120 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-02 | 8.8 High |
| A vulnerability allowing remote code execution (RCE) for domain users. | ||||
| CVE-2024-29855 | 1 Veeam | 1 Recovery Orchestrator | 2025-03-27 | N/A |
| Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | ||||
| CVE-2024-40715 | 1 Veeam | 1 Backup \& Replication | 2025-03-25 | N/A |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. | ||||
| CVE-2023-27532 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-03-13 | 7.5 High |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | ||||
| CVE-2024-45206 | 1 Veeam | 1 Service Provider Console | 2025-03-13 | N/A |
| A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | ||||
| CVE-2024-42449 | 1 Veeam | 1 Service Provider Console | 2025-03-13 | N/A |
| From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | ||||
| CVE-2023-38548 | 1 Veeam | 1 One | 2025-03-06 | 4.3 Medium |
| A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | ||||
| CVE-2023-38547 | 1 Veeam | 1 One | 2025-03-06 | 9.8 Critical |
| A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | ||||
| CVE-2024-40711 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2024-12-20 | 9.8 Critical |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | ||||
| CVE-2024-45207 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | ||||
| CVE-2024-29853 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | ||||
| CVE-2024-40709 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. | ||||
| CVE-2024-29852 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | ||||
| CVE-2024-29851 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | ||||
| CVE-2024-29850 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | ||||
| CVE-2024-29849 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | ||||