354 matches found
Vulnerability fixed in Veeam Backup & Replication
Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...
PT-2025-11958
Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions prior to 12.3.1 Description A deserialization flaw exists in Veeam Backup & Replication, where the application improperly handles serialized data. This allows an authenticated domain user or a member of the...
CVE-2024-48248
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...
CVE-2024-48248
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...
Nakivo Backup & Replication 安全漏洞
Nakivo Backup & Replication is a reliable, fast and affordable virtual machine backup solution from Nakivo, U.S.A. NAKIVO Backup & Replication provides reliable, fast and affordable virtual machine data protection for VMware environments. Specifically designed for virtualization, the product...
CVE-2024-48248
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...
CVE-2024-48248
CVE-2024-48248 affects NAKIVO Backup & Replication prior to 11.0.0.88174. The vulnerability is an absolute path traversal via getImageByPath to /c/router, leading to unauthenticated arbitrary file read with potential remote code execution across the enterprise when cleartext credentials are expos...
NAKIVO Backup & Replication < 11.0.0.88174 Arbitrary File Read
NAKIVO Backup & Replication versions prior to 11.0.0.88174 are vulnerable are affected by a vulnerability allowing an unauthenticated attacker to read arbitrary files on the system via a specially crafted request. No source data...
CVE-2024-42457
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...
CVE-2024-42455
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...
CVE-2024-40713
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...
CVE-2024-40710
A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...
The vulnerability in virtual and physical systems of Veeam Backup & Replication lies in the insufficient protection of registration data, allowing attackers to execute arbitrary codes.
The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in its ability to allow unauthorized access to read, modify, or delete data stored in memory. This vulnerability enables attackers to gain unauthorized access to these data.
The vulnerability of Veeam Backup & Replication’s protection for cloud, virtual, and physical systems stems from the restoration of unreliable data in memory due to the lack of authenticity verification for a critical function. Exploiting this vulnerability can allow an attacker operating remotel...
Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."
Article Applicability The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication12.3.0.31020241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication12.3.0.31020241211.iso was made available, which contains a check...
CVE-2024-42457
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...
CVE-2024-40717
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...
CVE-2024-42455
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...
CVE-2024-40717
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...
CVE-2024-42451
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes...