CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.204

EPSS Ranking 95.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

Proposed Action

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Ransomware Campaign

Known

References

Products affected by CVE-2022-26500

Veeam » Veeam Backup & Replication » Version: 10.0.0.4442

cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.0.4442
Veeam » Veeam Backup & Replication » Version: 10.0.0.4461

cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.0.4461
Veeam » Veeam Backup & Replication » Version: 10.0.1.4848

cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.1.4848
Veeam » Veeam Backup & Replication » Version: 10.0.1.4854

cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.1.4854
Veeam » Veeam Backup & Replication » Version: 11.0.0.825

cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.0.825
Veeam » Veeam Backup & Replication » Version: 11.0.0.837

cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.0.837
Veeam » Veeam Backup & Replication » Version: 11.0.1.1261

cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.1.1261
Veeam » Veeam Backup & Replication » Version: 9.5.0.1536

cpe:2.3:a:veeam:veeam_backup_&_replication:9.5.0.1536
Veeam » Veeam Backup & Replication » Version: 9.5.4.2615

cpe:2.3:a:veeam:veeam_backup_&_replication:9.5.4.2615

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26500

Products

Pricing

Contact Us