Vulnerabilities > Veeam > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2024-22022 Unspecified vulnerability in Veeam Recovery Orchestrator 5.0/6.0
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
network
low complexity
veeam
8.8
8.8
2023-03-10 CVE-2023-27532 Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained.
network
low complexity
veeam CWE-306
7.5
7.5
2022-03-17 CVE-2022-26500 Path Traversal vulnerability in Veeam Backup & Replication
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
network
low complexity
veeam CWE-22
8.8
8.8
2022-03-17 CVE-2022-26504 Improper Authentication vulnerability in Veeam Backup & Replication
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
network
low complexity
veeam CWE-287
8.8
8.8
2022-03-17 CVE-2022-26503 Deserialization of Untrusted Data vulnerability in Veeam
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
local
low complexity
veeam CWE-502
7.8
7.8
2020-07-28 CVE-2020-15419 XXE vulnerability in Veeam ONE Firmware 10.0.0.0
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415.
network
low complexity
veeam CWE-611
7.5
7.5
2020-07-28 CVE-2020-15418 XXE vulnerability in Veeam ONE Firmware 10.0.0.0
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415.
network
low complexity
veeam CWE-611
7.5
7.5
2020-07-03 CVE-2020-15518 Missing Authorization vulnerability in Veeam products
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.
network
low complexity
veeam CWE-862
8.8
8.8
2019-05-06 CVE-2019-11569 Cross-Site Request Forgery (CSRF) vulnerability in Veeam ONE Reporter 9.5.0.3201
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
network
low complexity
veeam CWE-352
8.8
8.8