cbcvebase.

Veeam Backup Replication vulnerabilities

12 known vulnerabilities affecting veeam/backup_replication.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2024-29849P2CRITICALCVSS 9.8≥ 12.1.2.172, < 12.1.2.172≥ 11.0.1.1261 P20240304, < 11.0.1.1261 P202403042024-05-22
CVE-2024-29849 [CRITICAL] CWE-287 CVE-2024-29849: Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise man Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
nvd
CVE-2024-42455P2HIGHCVSS 8.1≥ 12.2, ≤ 12.22024-12-04
CVE-2024-42455 [HIGH] CWE-306 CVE-2024-42455: A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting se A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist du
nvd
CVE-2024-40717P2HIGHCVSS 8.8≥ 12.2, ≤ 12.22024-12-04
CVE-2024-40717 [HIGH] CWE-306 CVE-2024-40717: A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to per A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule i
nvd
CVE-2024-42452P3HIGHCVSS 8.8≥ 12.2, ≤ 12.22024-12-04
CVE-2024-42452 [HIGH] CWE-863 CVE-2024-42452: A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotel A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, l
nvd
CVE-2024-42456P3HIGHCVSS 8.8≥ 12.2, ≤ 12.22024-12-04
CVE-2024-42456 [HIGH] CWE-306 CVE-2024-42456: A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and i
nvd
CVE-2024-29850P3HIGHCVSS 8.8≥ 12.1.2.172, < 12.1.2.1722024-05-22
CVE-2024-29850 [HIGH] CWE-294 CVE-2024-29850: Veeam Backup Enterprise Manager allows account takeover via NTLM relay. Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
nvd
CVE-2024-42453P3HIGHCVSS 8.1≥ 12.2, ≤ 12.22024-12-04
CVE-2024-42453 [HIGH] CWE-862 CVE-2024-42453: A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configu A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerabil
nvd
CVE-2024-29851P3HIGHCVSS 7.2≥ 12.1.2.172, < 12.1.2.1722024-05-22
CVE-2024-29851 [HIGH] CWE-294 CVE-2024-29851: Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manage Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
nvd
CVE-2024-42451P3MEDIUMCVSS 6.5≥ 12.2, ≤ 12.22024-12-04
CVE-2024-42451 [MEDIUM] CWE-312 CVE-2024-42451: A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credenti A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, in
nvd
CVE-2024-42457P3MEDIUMCVSS 6.5≥ 12.2, ≤ 12.22024-12-04
CVE-2024-42457 [MEDIUM] CWE-522 CVE-2024-42457: A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose sav A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious ho
nvd
CVE-2024-45204P4MEDIUMCVSS 4.3≥ 12.2, ≤ 12.22024-12-04
CVE-2024-45204 [MEDIUM] CWE-863 CVE-2024-45204: A vulnerability exists where a low-privileged user can exploit insufficient permissions in credentia A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
nvd
CVE-2024-29852P4LOWCVSS 2.7≥ 12.1.2.172, < 12.1.2.1722024-05-22
CVE-2024-29852 [LOW] CWE-280 CVE-2024-29852: Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
nvd
Veeam Backup Replication vulnerabilities | cvebase