Vulnerabilities > Veeam

DATE CVE VULNERABILITY TITLE RISK
2024-09-07 CVE-2024-40711 Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
network
low complexity
veeam CWE-502
critical
9.8
2024-09-07 CVE-2024-42020 Cross-site Scripting vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
network
low complexity
veeam CWE-79
5.4
2024-02-07 CVE-2024-22021 Unspecified vulnerability in Veeam products
Vulnerability?CVE-2024-22021 allows?a?Veeam Recovery Orchestrator user with a low?privileged?role (Plan?Author)?to retrieve?plans?from?a?Scope other than the one they are assigned to.
network
low complexity
veeam
4.3
2024-02-07 CVE-2024-22022 Unspecified vulnerability in Veeam Recovery Orchestrator 5.0/6.0
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
network
low complexity
veeam
8.8
2023-11-07 CVE-2023-38547 Unspecified vulnerability in Veeam ONE
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database.
network
low complexity
veeam
critical
9.8
2023-11-07 CVE-2023-38548 Unspecified vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
network
low complexity
veeam
4.3
2023-11-07 CVE-2023-38549 Cross-site Scripting vulnerability in Veeam ONE
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
network
low complexity
veeam CWE-79
5.4
2023-11-07 CVE-2023-41723 Unspecified vulnerability in Veeam ONE
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
network
low complexity
veeam
4.3
2023-03-10 CVE-2023-27532 Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained.
network
low complexity
veeam CWE-306
7.5
2022-12-05 CVE-2022-43549 Improper Authentication vulnerability in Veeam Backup for Google Cloud 1.0/3.0
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
network
low complexity
veeam CWE-287
critical
9.8