Veeam: >> Veeam Backup & Replication Security Vulnerabilities
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
CVSS Score
7.8
EPSS Score
0.003
Published
2024-09-07
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-07
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
CVSS Score
8.3
EPSS Score
0.005
Published
2024-09-07
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
CVSS Score
8.1
EPSS Score
0.005
Published
2024-09-07
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-05-22
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVSS Score
2.7
EPSS Score
0.003
Published
2024-05-22
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
CVSS Score
9.8
EPSS Score
0.536
Published
2024-05-22
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-05-22
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Known exploited
CVSS Score
7.5
EPSS Score
0.827
Published
2023-03-10
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Known exploited
CVSS Score
8.8
EPSS Score
0.201
Published
2022-03-17