Veeam: >> Veeam Backup & Replication Security Vulnerabilities
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-04
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.
CVSS Score
7.7
EPSS Score
0.002
Published
2024-11-07
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-09-07
CVE-2024-40711
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
Known exploited
CVSS Score
9.8
EPSS Score
0.562
Published
2024-09-07
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-07
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-07
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-09-07
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-09-07
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-05-22
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVSS Score
2.7
EPSS Score
0.002
Published
2024-05-22