Filtered by vendor Veeam
Filtered by product Veeam Backup & Replication
Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42455 | 1 Veeam | 2 Backup And Replication, Veeam Backup & Replication | 2025-04-24 | 8.1 High |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | ||||
CVE-2024-42456 | 1 Veeam | 2 Backup And Replication, Veeam Backup & Replication | 2025-04-24 | 8.8 High |
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | ||||
CVE-2024-42457 | 1 Veeam | 1 Veeam Backup & Replication | 2025-04-24 | 6.5 Medium |
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | ||||
CVE-2024-45204 | 1 Veeam | 1 Veeam Backup & Replication | 2025-04-24 | 4.3 Medium |
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. | ||||
CVE-2015-5742 | 1 Veeam | 1 Veeam Backup & Replication | 2025-04-12 | N/A |
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files. | ||||
CVE-2025-23120 | 1 Veeam | 1 Veeam Backup & Replication | 2025-04-02 | 8.8 High |
A vulnerability allowing remote code execution (RCE) for domain users. | ||||
CVE-2022-26504 | 1 Veeam | 1 Veeam Backup & Replication | 2024-11-21 | 8.8 High |
Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe. | ||||
CVE-2021-35971 | 1 Veeam | 1 Veeam Backup & Replication | 2024-11-21 | 9.8 Critical |
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | ||||
CVE-2020-15518 | 1 Veeam | 2 Veeam Availability Suite, Veeam Backup & Replication | 2024-11-21 | 8.8 High |
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | ||||