Design/Logic Flaw

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control issue 1 of 2...

Authentication flaw

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager SCVMM allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe...

Design/Logic Flaw

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...

CVE-2022-26500

CVE-2022-26500 affects Veeam Backup & Replication and relates to an improper limitation of path names in internal API functions, enabling a remote, authenticated user to upload and execute arbitrary code. Affected product range includes 9.5U3/U4, 10.x, and 11.x. The root cause is exposure of inte...

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...

CVE-2022-26504

CVE-2022-26504 affects Veeam Backup & Replication (versions 9.5U3/U4, 10.x, 11.x) where the SCVMM-related Veeam.Backup.PSManager.exe component suffers improper authentication, enabling an attacker to execute arbitrary code remotely. Public sources describe this as a high-severity, network-exposed...

CVE-2022-26504

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager SCVMM allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe...

CVE-2022-26501

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control issue 1 of 2...

CVE-2022-26501

CVE-2022-26501 affects Veeam Backup & Replication 10.x and 11.x, where the Veeam Distribution Service exposes an Incorrect Access Control flaw that allows unauthenticated access to internal API functions (potential remote code execution). Mitigations documented: update to 10.0.1.4854 (10a) and 11...

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

CVE-2022-26501

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control issue 1 of 2. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Veeam Backup&Replication Access Control Error Vulnerability

Veeam Backup & Replication is a suite of data protection software from the Swiss company Veeam. The software provides backup, replication and recovery for VMware and Hyper-V VMs, physical and cloud environments. Veeam Backup&Replication is vulnerable to an Access Control Error vulnerability, no...

PT-2022-17907 · Microsoft +1 · System Center Virtual Machine Manager +1

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions 9.5U3 through 11.x Description: The issue is related to improper authentication in the component used for Microsoft System Center Virtual Machine Manager SCVMM, allowing attackers to execute arbitrary code...

Moderate: Red Hat Security Advisory: redhat-ds:11.3 security and bug fix update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute of arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. For this no authentication is required. Veeam has released update...

PT-2022-07: Insufficient authentication in Veeam Backup & Replication

The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, 11. The discovered vulnerability allows an attaker to authenticate using a NULL-session. This may lead to gaining control over the target system. Vulnerability status: Confirmed by vendor Date of vulnerability...

PT-2022-09: Insufficient validation of file paths and Path Traversal in Veeam Backup & Replication

The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, 11. The discovered vulnerability allows an attaker to perform an NTLM-relay attack on behalf of the account under which the service is running, uploading arbitrary files from arbitrary paths to the VBR server,...

PT-2022-1828

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions 9.5U3 through 9.5U4, 10.x, and 11.x Description An improper limitation of path names allows remote authenticated users to access internal API functions. This access could allow attackers to upload and execut...

PT-2022-1829 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions 10.x through 11.x Description: The issue is related to incorrect access control in the Veeam Backup & Replication Distribution Service, which can be exploited by a remote attacker to execute arbitrary code ...