Vulnerabilities > Veeam
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-17 | CVE-2022-26504 | Improper Authentication vulnerability in Veeam Backup & Replication Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe | 9.0 |
| 2022-03-17 | CVE-2022-26503 | Deserialization of Untrusted Data vulnerability in Veeam Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | 7.2 |
| 2021-06-30 | CVE-2021-35971 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 10.0 Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | 7.5 |
| 2020-07-28 | CVE-2020-15419 | XXE vulnerability in Veeam ONE Firmware 10.0.0.0 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. | 7.8 |
| 2020-07-28 | CVE-2020-15418 | XXE vulnerability in Veeam ONE Firmware 10.0.0.0 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. | 7.8 |
| 2020-07-03 | CVE-2020-15518 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Veeam products VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | 6.5 |
| 2020-04-22 | CVE-2020-10915 | Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. | 7.5 |
| 2020-04-22 | CVE-2020-10914 | Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. | 7.5 |
| 2019-07-27 | CVE-2019-14298 | Cross-site Scripting vulnerability in Veeam ONE Reporter 9.5.0.3201 Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. | 3.5 |
| 2019-07-27 | CVE-2019-14297 | Cross-site Scripting vulnerability in Veeam ONE Reporter 9.5.0.3201 Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. | 3.5 |