Veeam: Security Vulnerabilities
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2024-05-22

Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVSS Score: 9.9 | EPSS Score: 0.226 | Published: 2024-05-14

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2024-02-07

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2024-02-07

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
CVSS Score: 4.3 | EPSS Score: 0.019 | Published: 2023-11-07

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.
CVSS Score: 4.5 | EPSS Score: 0.016 | Published: 2023-11-07

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2023-11-07

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
CVSS Score: 9.9 | EPSS Score: 0.108 | Published: 2023-11-07

CVE-2023-27532
Known exploited
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVSS Score: 7.5 | EPSS Score: 0.766 | Published: 2023-03-10

Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-12-05