Vulnerability Details CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.847
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API, which may lead to the upload and execution of malicious code.
Ransomware Campaign
Known
Products affected by CVE-2022-26501
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.0.4442
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.0.4461
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.1.4848
- cpe:2.3:a:veeam:veeam_backup_&_replication:10.0.1.4854
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.0.825
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.0.837
- cpe:2.3:a:veeam:veeam_backup_&_replication:11.0.1.1261