Vulnerabilities > Veeam > Veeam Backup Replication > 10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-40710 | Unspecified vulnerability in Veeam Backup & Replication A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). | 8.8 |
| 2024-09-07 | CVE-2024-40712 | Unspecified vulnerability in Veeam Backup & Replication A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | 7.8 |
| 2024-09-07 | CVE-2024-40713 | Unspecified vulnerability in Veeam Backup & Replication A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | 7.8 |
| 2024-09-07 | CVE-2024-40714 | Unspecified vulnerability in Veeam Backup & Replication An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | 8.3 |
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |
| 2021-06-30 | CVE-2021-35971 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | 9.8 |