Veeam: Security Vulnerabilities
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-07
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-07
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
CVSS Score
8.3
EPSS Score
0.001
Published
2024-09-07
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
CVSS Score
9.0
EPSS Score
0.002
Published
2024-09-07
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-09-07
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVSS Score
9.0
EPSS Score
0.17
Published
2024-06-11
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-05-22
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVSS Score
2.7
EPSS Score
0.002
Published
2024-05-22
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-22
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
CVSS Score
9.8
EPSS Score
0.434
Published
2024-05-22