105 matches found

Veracode
added 2024/10/29 7:6 a.m. · 15 views

Arbitrary Code Execution

org.openrefine, database is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper configuration in the database extension of OpenRefine, specifically the enableloadextension property that permits loading local or remote extension DLLs...

8.8 CVSS · 6.7 AI score · 0.00354 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2024/10/23 3:15 p.m. · 15 views

CVE-2024-5764

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

6.5 CVSS · 0.03442 EPSS
Exploits 0 · References 1
CVE
added 2024/10/23 2:47 p.m. · 79 views

CVE-2024-5764

CVE-2024-5764 affects Nexus Repository 3.x (3.0.0–3.72.0). It arises from a static hard-coded encryption passphrase used by the PasswordCipher to encrypt secrets in the Nexus configuration database (SMTP/HTTP proxy credentials, tokens, etc.). An administrator could set an alternate passphrase at ...

6.5 CVSS · 6.6 AI score · 0.03442 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/10/23 2:47 p.m. · 29 views

CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

5.9 CVSS · 0.03442 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/10/23 2:47 p.m. · 22 views

CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

5.9 CVSS · 6.9 AI score · 0.03442 EPSS
Exploits 0 · References 1
Veeam
added 2024/09/25 12:0 a.m. · 22 views

Minimum supported OS version for Veeam VSS Hardware Provider is Microsoft Server 2012 (64-bit only).

Challenge: An attempt to rescan, upgrade, or update the Veeam Backup Server fails with the error: Minimum supported OS version for Veeam VSS Hardware Provider is Microsoft Server 2012 64-bit only. Cause: This issue occurs because an entry in the Configuration Database causes the Veeam Backup &...

6.9 AI score
Exploits 0 · Affected Software 1
Tenable Nessus
added 2023/11/10 12:0 a.m. · 24 views

Veeam ONE 11.x < 11.0.0.1379 / 11.0.1.x < 11.0.1.1880 / 12.x < 12.0.1.2591 Multiple Vulnerabilities (KB4508)

The version of Veeam ONE installed on the remote Windows host is affected by multiple vulnerabilities, as disclosed in the vendor's advisory with KB ID 4508, including the following: - A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection...

9.9 CVSS · 7 AI score · 0.10762 EPSS
Exploits 0 · References 4
OSV
added 2023/11/07 7:15 a.m. · 4 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

9.8 CVSS · 7.9 AI score
Exploits 0 · References 1
CNNVD
added 2023/11/07 12:0 a.m. · 2 views

Veeam ONE Security Vulnerability

Veeam ONE is a suite of IT monitoring and reporting tools from Veeam USA. The product supports features such as backup monitoring, operational status monitoring of virtual and physical environments. A security vulnerability exists in Veeam ONE versions 11, 11a, and 12 that originated from allowin...

9.9 CVSS · 7.3 AI score · 0.10762 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/11/06 12:0 a.m. · 3 views

PT-2023-6894 · Veeam · Veeam One

Name of the Vulnerable Software and Affected Versions: Veeam ONE affected versions not specified Description: A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote co...

10 CVSS · 8 AI score · 0.10762 EPSS
Exploits 0 · References 14
Veeam
added 2023/08/03 12:0 a.m. · 20 views

Access Denied Error After Migrating Configuration from MFA-Enabled Server

Challenge: After performing Configuration Restore using the Migration mode from a Configuration Backup created by a Veeam Backup & Replication server that had MFA enabled, login attempts using local accounts cause the Veeam Backup & Replication Console to display the error: Failed to connect to...

7.3 AI score
Exploits 0 · Affected Software 1
VulnCheck KEV
added 2023/04/26 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-27532

Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This...

7.5 CVSS · 7.3 AI score · 0.83808 EPSS
Exploits 4 · References 1
Tenable Nessus
added 2023/03/24 12:0 a.m. · 96 views

Veeam Backup and Replication Authentication Bypass (KB4288)

The version of Veeam Backup and Replication installed on the remote Windows host is prior to 11.0.1.1261 P20230227 or 12.x prior to 12.0.0.1420 P20230223. It is, therefore, affected by authentication bypass vulnerability that allows encrypted credentials stored in the configuration database to be...

7.5 CVSS · 8.5 AI score · 0.83808 EPSS
Exploits 4 · References 2
NVD
added 2023/03/10 10:15 p.m. · 19 views

CVE-2023-27532

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...

7.5 CVSS · 7.5 AI score · 0.83808 EPSS
Exploits 4 · References 2
Prion
added 2023/03/10 10:15 p.m. · 39 views

Design/Logic Flaw

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...

5 CVSS · 7.5 AI score · 0.83808 EPSS
Exploits 4 · References 1 · Affected Software 1
CNNVD
added 2023/03/10 12:0 a.m. · 5 views

Veeam Backup & Replication Access Control Error Vulnerability

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication, which stems from allowing access to encrypted credentials stored in the configuration database, which can be exploited by an attacker to gain access to th...

7.5 CVSS · 8.4 AI score · 0.83808 EPSS
Exploits 4 · References 2
Vulnrichment
added 2023/03/10 12:0 a.m. · 8 views

CVE-2023-27532

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...

7.7 AI score · 0.83808 EPSS
Exploits 4 · References 1
ATTACKERKB
added 2023/03/10 12:0 a.m. · 73 views

CVE-2023-27532

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Recent assessments: sfewer-r7 at March 14, 2023 2:49pm UTC reported: On March 7, 2023, Veeam...

7.5 CVSS · 8 AI score · 0.83808 EPSS
In wild · Exploits 4 · References 8
CVE
added 2023/03/10 12:0 a.m. · 761 views

CVE-2023-27532

CVE-2023-27532 affects Veeam Backup & Replication, specifically the Cloud Connect component. The vulnerability allows an unauthenticated actor inside the backup network perimeter to obtain encrypted credentials stored in the configuration database, potentially leading to access to backup infrastr...

7.5 CVSS · 7.5 AI score · 0.83808 EPSS
In wild · Exploits 4 · References 2 · Affected Software 1
NVD
added 2022/12/01 6:15 p.m. · 10 views

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

2.7 CVSS · 0.00353 EPSS
Exploits 0 · References 1