Filtered by vendor Veeam
Total: 53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29849 | 1 Veeam | 1 Veeam Backup & Replication | 2025-07-03 | N/A | 9.8 CRITICAL |
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to the Enterprise Manager web interface. | |||||
CVE-2024-29850 | 1 Veeam | 1 Veeam Backup & Replication | 2025-07-03 | N/A | 8.8 HIGH |
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | |||||
CVE-2024-29851 | 1 Veeam | 1 Veeam Backup & Replication | 2025-07-03 | N/A | 7.2 HIGH |
Veeam Backup Enterprise Manager allows high-privileged users to steal the NTLM hash of the Enterprise Manager service account. | |||||
CVE-2024-29852 | 1 Veeam | 1 Veeam Backup & Replication | 2025-07-03 | N/A | 2.7 LOW |
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | |||||
CVE-2024-29853 | 1 Veeam | 1 Veeam Agent For Windows | 2025-07-03 | N/A | 7.8 HIGH |
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | |||||
CVE-2025-23082 | 1 Veeam | 1 Veeam Backup For Microsoft Azure | 2025-07-03 | N/A | 7.2 HIGH |
Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
CVE-2024-45206 | 1 Veeam | 1 Veeam Service Provider Console | 2025-07-02 | N/A | 6.5 MEDIUM |
A vulnerability in Veeam Service Provider Console has been identified, which allows performing arbitrary HTTP requests to arbitrary hosts of the network and getting information about internal resources. | |||||
CVE-2024-45207 | 1 Veeam | 1 Veeam Agent For Windows | 2025-07-02 | N/A | 7.0 HIGH |
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services. | |||||
CVE-2024-29212 | 1 Veeam | 1 Veeam Service Provider Console | 2025-06-30 | N/A | 9.9 CRITICAL |
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | |||||
CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2025-06-05 | N/A | 4.3 MEDIUM |
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | |||||
CVE-2024-22022 | 1 Veeam | 1 Recovery Orchestrator | 2025-06-03 | N/A | 8.8 HIGH |
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | |||||
CVE-2024-39718 | 1 Veeam | 1 Veeam Backup & Replication | 2025-05-08 | N/A | 8.1 HIGH |
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. | |||||
CVE-2024-42019 | 1 Veeam | 1 One | 2025-05-01 | N/A | 8.0 HIGH |
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. | |||||
CVE-2024-40714 | 1 Veeam | 1 Veeam Backup & Replication | 2025-05-01 | N/A | 8.3 HIGH |
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | |||||
CVE-2024-40713 | 1 Veeam | 1 Veeam Backup & Replication | 2025-05-01 | N/A | 7.8 HIGH |
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | |||||
CVE-2024-40712 | 1 Veeam | 1 Veeam Backup & Replication | 2025-05-01 | N/A | 7.8 HIGH |
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | |||||
CVE-2024-40710 | 1 Veeam | 1 Veeam Backup & Replication | 2025-05-01 | N/A | 8.8 HIGH |
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | |||||
CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | N/A | 6.5 MEDIUM |
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |||||
CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | N/A | 5.3 MEDIUM |
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | |||||
CVE-2024-42023 | 1 Veeam | 1 One | 2025-04-28 | N/A | 8.8 HIGH |
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. |