Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Veeam_backup_\&_replication
(Veeam)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-22 | CVE-2024-29849 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | Veeam_backup_\&_replication | N/A | ||
| 2024-05-22 | CVE-2024-29850 | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | Veeam_backup_\&_replication | N/A | ||
| 2024-05-22 | CVE-2024-29851 | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | Veeam_backup_\&_replication | N/A | ||
| 2024-05-22 | CVE-2024-29852 | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | Veeam_backup_\&_replication | N/A | ||
| 2024-09-07 | CVE-2024-39718 | An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. | Veeam_backup_\&_replication | 8.1 | ||
| 2024-09-07 | CVE-2024-40710 | A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | Veeam_backup_\&_replication | 8.8 | ||
| 2024-09-07 | CVE-2024-40712 | A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | Veeam_backup_\&_replication | 7.8 | ||
| 2024-09-07 | CVE-2024-40713 | A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | Veeam_backup_\&_replication | 7.8 | ||
| 2024-09-07 | CVE-2024-40714 | An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | Veeam_backup_\&_replication | 8.3 | ||
| 2023-03-10 | CVE-2023-27532 | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | Veeam_backup_\&_replication | 7.5 |