Vulnerabilities > Veeam
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-22021 | Unspecified vulnerability in Veeam products Vulnerability?CVE-2024-22021 allows?a?Veeam Recovery Orchestrator user with a low?privileged?role (Plan?Author)?to retrieve?plans?from?a?Scope other than the one they are assigned to. | 4.3 |
| 2024-02-07 | CVE-2024-22022 | Unspecified vulnerability in Veeam Recovery Orchestrator Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | 8.8 |
| 2023-11-07 | CVE-2023-38547 | Unspecified vulnerability in Veeam ONE A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. | 9.8 |
| 2023-11-07 | CVE-2023-38548 | Unspecified vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591 A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | 4.3 |
| 2023-11-07 | CVE-2023-38549 | Cross-site Scripting vulnerability in Veeam ONE A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | 5.4 |
| 2023-11-07 | CVE-2023-41723 | Unspecified vulnerability in Veeam ONE A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. | 4.3 |
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |
| 2022-12-05 | CVE-2022-43549 | Improper Authentication vulnerability in Veeam Backup for Google Cloud 1.0/3.0 Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | 9.8 |
| 2022-03-17 | CVE-2022-26500 | Path Traversal vulnerability in Veeam Backup & Replication Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | 8.8 |
| 2022-03-17 | CVE-2022-26501 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | 9.8 |