Lucene search
K

354 matches found

NCSC
NCSC
added 2025/03/20 2:10 p.m.8 views

Vulnerability fixed in Veeam Backup & Replication

Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...

9.9CVSS7.8AI score0.18335EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.5 views

PT-2025-11958

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions prior to 12.3.1 Description A deserialization flaw exists in Veeam Backup & Replication, where the application improperly handles serialized data. This allows an authenticated domain user or a member of the...

9.9CVSS7.8AI score0.18335EPSS
Exploits1References152
RedhatCVE
RedhatCVE
added 2025/03/06 1:8 a.m.29 views

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

8.6CVSS8.1AI score0.9408EPSS
Exploits2References1
NVD
NVD
added 2025/03/04 8:15 a.m.36 views

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

8.6CVSS0.9408EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.5 views

Nakivo Backup & Replication 安全漏洞

Nakivo Backup & Replication is a reliable, fast and affordable virtual machine backup solution from Nakivo, U.S.A. NAKIVO Backup & Replication provides reliable, fast and affordable virtual machine data protection for VMware environments. Specifically designed for virtualization, the product...

8.6CVSS9.8AI score0.9408EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/03/04 12:0 a.m.12 views

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

8.6CVSS9AI score0.9408EPSS
Exploits2References2
CVE
CVE
added 2025/03/04 12:0 a.m.203 views

CVE-2024-48248

CVE-2024-48248 affects NAKIVO Backup & Replication prior to 11.0.0.88174. The vulnerability is an absolute path traversal via getImageByPath to /c/router, leading to unauthenticated arbitrary file read with potential remote code execution across the enterprise when cleartext credentials are expos...

8.6CVSS9AI score0.9408EPSS
In wildExploits2References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.8 views

NAKIVO Backup & Replication < 11.0.0.88174 Arbitrary File Read

NAKIVO Backup & Replication versions prior to 11.0.0.88174 are vulnerable are affected by a vulnerability allowing an unauthenticated attacker to read arbitrary files on the system via a specially crafted request. No source data...

8.6CVSS7.2AI score0.9408EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/05 2:30 a.m.11 views

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

7.7CVSS6.8AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:27 a.m.17 views

CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...

8.1CVSS6.7AI score0.14009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:39 p.m.6 views

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...

7.8CVSS6.8AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:37 p.m.7 views

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

8.8CVSS7.6AI score0.0112EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/18 12:0 a.m.5 views

The vulnerability in virtual and physical systems of Veeam Backup & Replication lies in the insufficient protection of registration data, allowing attackers to execute arbitrary codes.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to execute arbitrary code...

9CVSS8AI score0.0112EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.6 views

The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in its ability to allow unauthorized access to read, modify, or delete data stored in memory. This vulnerability enables attackers to gain unauthorized access to these data.

The vulnerability of Veeam Backup & Replication’s protection for cloud, virtual, and physical systems stems from the restoration of unreliable data in memory due to the lack of authenticity verification for a critical function. Exploiting this vulnerability can allow an attacker operating remotel...

7.5CVSS7.1AI score0.14009EPSS
Exploits0References3Affected Software1
Veeam
Veeam
added 2024/12/10 12:0 a.m.358 views

Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."

Article Applicability The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication12.3.0.31020241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication12.3.0.31020241211.iso was made available, which contains a check...

6.5AI score
Exploits0Affected Software1
NVD
NVD
added 2024/12/04 2:15 a.m.15 views

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

7.7CVSS0.00407EPSS
Exploits0References1
NVD
NVD
added 2024/12/04 2:15 a.m.27 views

CVE-2024-40717

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...

8.8CVSS0.00738EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 2:15 a.m.4 views

CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...

8.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/12/04 2:15 a.m.4 views

CVE-2024-40717

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...

8.8CVSS6.5AI score0.00738EPSS
Exploits0References1
NVD
NVD
added 2024/12/04 2:15 a.m.20 views

CVE-2024-42451

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes...

7.7CVSS0.00275EPSS
Exploits0References1
Rows per page
Query Builder