Vulnerabilities > Veeam > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-22021 | Unspecified vulnerability in Veeam products Vulnerability?CVE-2024-22021 allows?a?Veeam Recovery Orchestrator user with a low?privileged?role (Plan?Author)?to retrieve?plans?from?a?Scope other than the one they are assigned to. | 4.3 |
| 2023-11-07 | CVE-2023-38548 | Unspecified vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591 A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | 4.3 |
| 2023-11-07 | CVE-2023-38549 | Cross-site Scripting vulnerability in Veeam ONE A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | 5.4 |
| 2023-11-07 | CVE-2023-41723 | Unspecified vulnerability in Veeam ONE A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. | 4.3 |
| 2020-07-03 | CVE-2020-15518 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Veeam products VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | 6.5 |
| 2019-05-06 | CVE-2019-11569 | Cross-Site Request Forgery (CSRF) vulnerability in Veeam ONE Reporter 9.5.0.3201 Veeam ONE Reporter 9.5.0.3201 allows CSRF. | 6.8 |