VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one_reporter | 9.5.0.3201 |
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one_reporter | 9.5.0.3201 |
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one_reporter | 9.5.0.3201 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | 9.5.4.4587 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | 9.5.4.4587 |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSRSReport class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10709.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one_firmware | * |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10710.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one_firmware | * |
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_availability_suite | * |
| veeam | veeam_backup_&_replication | * |
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | backup_&_replication | 10.0.1.4854 |
| veeam | veeam_backup_&_replication | 9.5.4.2615 |
| veeam | backup_&_replication | * |
| veeam | backup_&_replication | 11.0.1.1261 |
| veeam | backup_&_replication | 9.5.4.2615 |
| veeam | veeam_backup_&_replication | 11.0.1.1261 |
| veeam | veeam_backup_&_replication | * |
| veeam | veeam_backup_&_replication | 9.5.0.1536 |
| veeam | veeam_backup_&_replication | 10.0.1.4854 |
| veeam | backup_&_replication | 9.5.0.1536 |
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | backup_&_replication | 10.0.1.4854 |
| veeam | backup_&_replication | * |
| veeam | backup_&_replication | 11.0.1.1261 |
| veeam | veeam_backup_&_replication | 11.0.1.1261 |
| veeam | veeam_backup_&_replication | * |
| veeam | veeam_backup_&_replication | 10.0.1.4854 |
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam | * |
| veeam | veeam | 2.0 |
| veeam | veeam | 3.0.2 |
| veeam | veeam | 2.1 |
| veeam | veeam | 2.2 |
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | 9.5.4.2615 |
| veeam | veeam_backup_&_replication | 11.0.1.1261 |
| veeam | veeam_backup_&_replication | * |
| veeam | veeam_backup_&_replication | 9.5.0.1536 |
| veeam | veeam_backup_&_replication | 10.0.1.4854 |
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | management_pack | 8.0 |
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_for_google_cloud | 3.0 |
| veeam | veeam_backup_for_google_cloud | 1.0 |
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | backup_&_replication | 11.0.1.1261 |
| veeam | backup_&_replication | 12.0.0.1420 |
| veeam | veeam_backup_&_replication | 11.0.1.1261 |
| veeam | veeam_backup_&_replication | * |
| veeam | veeam_backup_&_replication | 12.0.0.1420 |
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | 11.0.0.1379 |
| veeam | one | 12.0.1.2591 |
| veeam | one | 11.0.1.1880 |
| veeam | one | 12.0.0.2498 |
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | 12.0.1.2591 |
| veeam | one | 12.0.0.2498 |
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | 11.0.0.1379 |
| veeam | one | 12.0.1.2591 |
| veeam | one | 11.0.1.1880 |
| veeam | one | 12.0.0.2498 |
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | 11.0.0.1379 |
| veeam | one | 12.0.1.2591 |
| veeam | one | 11.0.1.1880 |
| veeam | one | 12.0.0.2498 |
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | availability_orchestrator | 4.0 |
| veeam | recovery_orchestrator | 6.0 |
| veeam | disaster_recovery_orchestrator | 5.0 |
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | recovery_orchestrator | * |
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_service_provider_console | * |
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_agent_for_windows | * |
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | recovery_orchestrator | * |
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | * |
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | * |
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | * |
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | * |
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | * |
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | one | * |
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_service_provider_console | * |
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_agent_for_windows | * |
Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_for_microsoft_azure | * |
| veeam | backup | * |
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_agent_for_windows | * |
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
This vulnerability allows a Backup or Tape Operator to write files as root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| support@hackerone.com | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veeam | veeam_backup_&_replication | * |