High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-07	CVE-2024-22022	Unspecified vulnerability in Veeam Recovery Orchestrator Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. network low complexity veeam	8.8
2023-03-10	CVE-2023-27532	Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. network low complexity veeam CWE-306	7.5
2022-03-17	CVE-2022-26500	Path Traversal vulnerability in Veeam Backup & Replication Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. network low complexity veeam CWE-22	8.8
2022-03-17	CVE-2022-26503	Deserialization of Untrusted Data vulnerability in Veeam Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. local low complexity veeam CWE-502	7.2
2021-06-30	CVE-2021-35971	Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 10.0 Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. network low complexity veeam CWE-502	7.5
2020-07-28	CVE-2020-15419	XXE vulnerability in Veeam ONE Firmware 10.0.0.0 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. network low complexity veeam CWE-611	7.8
2020-07-28	CVE-2020-15418	XXE vulnerability in Veeam ONE Firmware 10.0.0.0 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. network low complexity veeam CWE-611	7.8
2020-04-22	CVE-2020-10915	Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. network low complexity veeam CWE-502	7.5
2020-04-22	CVE-2020-10914	Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. network low complexity veeam CWE-502	7.5