Filtered by vendor Veeam
Subscriptions
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45206 | 1 Veeam | 1 Service Provider Console | 2025-03-13 | N/A |
| A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | ||||
| CVE-2024-42449 | 1 Veeam | 1 Service Provider Console | 2025-03-13 | N/A |
| From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | ||||
| CVE-2023-38548 | 1 Veeam | 1 One | 2025-03-06 | 4.3 Medium |
| A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | ||||
| CVE-2023-38547 | 1 Veeam | 1 One | 2025-03-06 | 9.8 Critical |
| A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | ||||
| CVE-2024-40711 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2024-12-20 | 9.8 Critical |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | ||||
| CVE-2024-45207 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | ||||
| CVE-2024-29853 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | ||||
| CVE-2024-40709 | 1 Veeam | 1 Agent | 2024-12-04 | N/A |
| A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. | ||||
| CVE-2024-29852 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | ||||
| CVE-2024-29851 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | ||||
| CVE-2024-29850 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | ||||
| CVE-2024-29849 | 1 Veeam | 1 Backup Enterprise Manager | 2024-11-21 | N/A |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | ||||
| CVE-2024-22022 | 1 Veeam | 1 Recovery Orchestrator | 2024-11-21 | 8.8 High |
| Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | ||||
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2024-11-21 | 4.3 Medium |
| Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | ||||
| CVE-2023-41723 | 1 Veeam | 1 One | 2024-11-21 | 4.3 Medium |
| A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | ||||
| CVE-2023-38549 | 1 Veeam | 1 One | 2024-11-21 | 5.4 Medium |
| A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role. | ||||
| CVE-2022-32225 | 1 Veeam | 1 Management Pack | 2024-11-21 | 6.1 Medium |
| A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. | ||||
| CVE-2022-26504 | 1 Veeam | 1 Veeam Backup \& Replication | 2024-11-21 | 8.8 High |
| Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe | ||||
| CVE-2022-26503 | 2 Microsoft, Veeam | 2 Windows, Veeam | 2024-11-21 | 7.8 High |
| Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | ||||
| CVE-2021-35971 | 1 Veeam | 1 Veeam Backup \& Replication | 2024-11-21 | 9.8 Critical |
| Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | ||||