Vulnerabilities > Veeam > Veeam Backup Replication > 9.5.0.1536
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-40710 | Unspecified vulnerability in Veeam Backup & Replication A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). | 8.8 |
| 2024-09-07 | CVE-2024-40712 | Unspecified vulnerability in Veeam Backup & Replication A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | 7.8 |
| 2024-09-07 | CVE-2024-40713 | Unspecified vulnerability in Veeam Backup & Replication A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | 7.8 |
| 2024-09-07 | CVE-2024-40714 | Unspecified vulnerability in Veeam Backup & Replication An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | 8.3 |
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |
| 2022-03-17 | CVE-2022-26500 | Path Traversal vulnerability in Veeam Backup & Replication Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | 8.8 |
| 2022-03-17 | CVE-2022-26504 | Improper Authentication vulnerability in Veeam Backup & Replication Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe | 8.8 |
| 2020-07-03 | CVE-2020-15518 | Missing Authorization vulnerability in Veeam products VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | 8.8 |