| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| A vulnerability allowing a low-privileged user to extract saved SSH credentials. |
| A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. |
| A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. |
| This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. |
| This vulnerability allows a Backup or Tape Operator to write files as root. |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter. |
| This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file. |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). |
| A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. |
