Veeam: Security Vulnerabilities
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
CVSS Score
8.1
EPSS Score
0.008
Published
2024-09-07
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVSS Score
9.0
EPSS Score
0.216
Published
2024-06-11
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
CVSS Score
7.2
EPSS Score
0.009
Published
2024-05-22
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVSS Score
2.7
EPSS Score
0.005
Published
2024-05-22
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-22
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
CVSS Score
9.8
EPSS Score
0.167
Published
2024-05-22
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-05-22
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVSS Score
9.9
EPSS Score
0.016
Published
2024-05-14
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-02-07
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
CVSS Score
8.8
EPSS Score
0.007
Published
2024-02-07