The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in its ability to allow unauthorized access to read, modify, or delete data stored in memory. This vulnerability enables attackers to gain unauthorized access to these data.

The vulnerability of Veeam Backup & Replication’s protection for cloud, virtual, and physical systems stems from the restoration of unreliable data in memory due to the lack of authenticity verification for a critical function. Exploiting this vulnerability can allow an attacker operating remotel...

The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of Veeam Backup & Replication’s protection tools for cloud, virtual, and physical systems stems from the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileges...

SUSE SLES12 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4052-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4052-1 advisory. This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4063-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4063-1 advisory. This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Rela...

Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."

Article Applicability The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication12.3.0.31020241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication12.3.0.31020241211.iso was made available, which contains a check...

Malicious code in replication-delay-client111 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-11688 Malicious code in replication-delay-client111 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Veeam Backup and Replication 12.x < 12.3.0.310 Multiple Vulnerabilities (December 2024) (KB4693)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.0.310. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server...

SUSE-SU-2024:4173-1 Security update for postgresql, postgresql16, postgresql17

This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane...

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

CVE-2024-42451

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes...

CVE-2024-42453

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVE-2024-42452

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability...

CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...

CVE-2024-40717

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...

CVE-2024-42455

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...

CVE-2024-40717

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...

CVE-2024-42457

CVE-2024-42457 concerns Veeam Backup & Replication. Reported vulnerabilities allow users with limited operator roles to expose saved credentials via the product’s remote management interface, by abusing a session object that enables credential enumeration and exploitation. The attack is facilitat...

CVE-2024-42452

CVE-2024-42452 affects Veeam Backup & Replication . A low-privileged user can start an agent remotely in server mode and obtain credentials, enabling SYSTEM-level privilege escalation and the ability to upload files to the server with elevated privileges. Root cause: remote calls bypass permissio...