Veeam: Security Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.
CVSS Score: 9.8
EPSS Score: 0.796
Published: 2020-04-22
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-07-27
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-07-27
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2019-05-06
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
CVSS Score: 2.1
EPSS Score: 0.001
Published: 2015-10-16


Shodan ® - All rights reserved