CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.3%
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Vendor | Product | Version | CPE |
---|---|---|---|
veeam | veeam_backup_\&_replication | * | cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 9.5.0.1536 | cpe:2.3:a:veeam:veeam_backup_\&_replication:9.5.0.1536:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 9.5.4.2615 | cpe:2.3:a:veeam:veeam_backup_\&_replication:9.5.4.2615:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 10.0.1.4854 | cpe:2.3:a:veeam:veeam_backup_\&_replication:10.0.1.4854:-:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 10.0.1.4854 | cpe:2.3:a:veeam:veeam_backup_\&_replication:10.0.1.4854:p20201202:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 10.0.1.4854 | cpe:2.3:a:veeam:veeam_backup_\&_replication:10.0.1.4854:p20210609:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 11.0.1.1261 | cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:-:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 11.0.1.1261 | cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:p20211123:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 11.0.1.1261 | cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:p20211211:*:*:*:*:*:* |
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.3%