📦 Veeam Backup & Replication
by Veeam
⚠️ Known Vulnerabilities
This vulnerability allows a Backup Administrator with legitimate credentials to execute arbitrary code as the postgres user by sending a malicious password parameter during authentication. It affects ...
This vulnerability allows users with Backup Operator or Tape Operator privileges to write files with root/system-level permissions, potentially leading to privilege escalation. It affects Veeam Backup...
This vulnerability allows authenticated Backup Operators to execute arbitrary code as the postgres user by sending malicious interval or order parameters. It affects Veeam Backup & Replication systems...
This critical vulnerability in Veeam Backup & Replication's Mount service allows authenticated domain users to execute arbitrary code on backup infrastructure hosts. Attackers with domain credentials ...
CVE-2024-40711 is a critical deserialization vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to execute arbitrary code remotely. This affects organizations using vuln...
CVE-2024-29849 is an authentication bypass vulnerability in Veeam Backup Enterprise Manager that allows unauthenticated attackers to log into the web interface as any user. This affects organizations ...
CVE-2022-26501 is an incorrect access control vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges. This affects Veeam Bac...
This vulnerability in Veeam Backup and Replication allows remote attackers to execute arbitrary code via insecure .NET remoting deserialization. It affects all organizations running vulnerable version...
This vulnerability allows authenticated Backup or Tape Operators to execute arbitrary code with root privileges by creating a malicious backup configuration file. It affects Veeam Backup & Replication...
This vulnerability allows authenticated domain users to execute arbitrary code on Veeam Backup Servers through improper input validation. It affects organizations using Veeam Backup & Replication soft...
This vulnerability allows remote code execution (RCE) for domain users in Veeam Backup & Replication. Attackers can execute arbitrary code with domain user privileges, potentially compromising backup ...
This vulnerability in Veeam Backup & Replication allows low-privileged users with specific roles to modify critical configuration settings, including trusted client certificates used for authenticatio...
This vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to achieve remote code execution by modifying backup jobs to run malicious scripts. Attackers can schedule th...
A privilege escalation vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to remotely start agents in server mode and obtain credentials, leading to system-level acc...
CVE-2024-42453 is a privilege escalation vulnerability in Veeam Backup & Replication that allows low-privileged users to perform unauthorized actions on connected virtual infrastructure hosts. This in...
A vulnerability in Veeam Backup & Replication allows low-privileged authenticated users to exploit insecure deserialization via remoting services, enabling arbitrary file deletion with service account...
This vulnerability allows attackers to bypass authentication in Veeam Backup & Replication Enterprise Manager by performing a Man-in-the-Middle attack. Organizations using affected versions of this ba...
This CVE describes multiple high-severity vulnerabilities in Veeam Backup & Replication that allow authenticated low-privileged users to execute remote code as the service account and extract sensitiv...
This vulnerability allows low-privileged users in Veeam Backup & Replication to modify Multi-Factor Authentication settings and bypass MFA protection. It affects organizations using Veeam Backup & Rep...
An improper input validation vulnerability in Veeam software allows low-privileged authenticated users to remotely delete files on the system with the permissions of the service account. This affects ...
This vulnerability in Veeam Backup Enterprise Manager allows authenticated high-privileged users to capture the NTLM hash of the Enterprise Manager service account. This affects organizations using Ve...
CVE-2022-26500 is a path traversal vulnerability in Veeam Backup & Replication that allows authenticated remote attackers to access internal API functions. This enables them to upload and execute arbi...
This vulnerability in Veeam Backup & Replication allows authenticated users with operator roles to expose saved credentials by exploiting a remote management interface flaw. Attackers can add a malici...
This vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to retrieve all stored credentials in plaintext through external protocol manipulation. Attackers can exploit...