Veeam Backup & Replication 安全漏洞

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.1.2.172 and prior versions 12, which stems from the inclusion of an untrusted data deserialization issue that could lead to remote code executio...

Veeam Backup and Replication 12.x < 12.2.0.334 Multiple Vulnerabilities (September 2024) (KB4649)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.2.0.334. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allowing unauthenticated remote code execution RCE. CVE-2024-40711 - A vulnerability that allows a use...

openSUSE: Security Advisory for 389 (SUSE-SU-2024:3082-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-5903

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions prior to 12.2.0.334 Description Veeam Backup & Replication is affected by a critical deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution RCE. This flaw,...

PT-2024-9564 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore...

PT-2024-9558 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A vulnerability exists that allows a user with a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication MFA settings and bypass MFA...

PT-2024-9557 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: The issue is related to an improper input validation vulnerability. This vulnerability allows a low-privileged user to remotely remove files on the system with permission...

Veeam Backup & Replication Install Fails with: "A later version of Veeam Explorer for Microsoft Exchange is already installed."

Challenge When attempting to install Veeam Backup & Replication version 12.1, 12.2, or 12.3 on a machine where Veeam Backup for Microsoft 365 version 8 is already installed, the Veeam Backup & Replication install fails with the error: A later version of Veeam Explorer for Microsoft Exchange is...

Release Information for IBM FlashSystem Plug-In for Veeam Backup & Replication

This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing IBM FlashSystem Plug-In v2.3.80, ensure that you are running at least Veeam Backup &...

Release Information for Veeam Backup & Replication 12.2

This update was superseded by Veeam Backup & Replication 12.3. Release Information 12.2.0.334 2024-08-28 Release Information Release Notes What's New ISO Release History Previously released files are not publicly available for download. Mouse-over or tap the filenames in the table to view a file'...

Veeam Backup & Replication 12.1.2 Compatibility with vSphere 8.0 U3

Update 2025-03-31 The "Automatic vCLS VM Exclusion" limitation detailed below was resolved starting in Veeam Backup & Replication 12.2. The NSX-T 4.2 support limitation detailed below was resolved, and NSX-T 4.2.1 is supported fully starting in Veeam Backup & Replication 12.3.1. Support Statement...

PT-2024-9559 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over...

PT-2024-9472 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: The issue is related to insecure deserialization in Veeam Backup & Replication, allowing a low-privileged user to connect to remoting services and exploit this...

PT-2024-9517 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication versions prior to 12.2 Description: A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability...

PT-2024-9471 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A vulnerability in the Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration...

Virtuozzo Hybrid Infrastructure 6.2 Hotfix 3 (6.2.0-146)

This update provides stability fixes. Vulnerability id: VSTOR-86571 VM live migration failed due to a missing snapshot traceback. Vulnerability id: VSTOR-87531, VSTOR-89251 Stability fixes for the hypervisor. Vulnerability id: VSTOR-88449 An error is triggered after disabling account replication...

Usage of Service SIDs and IIS Application Pools in StoreFront

This article contains information about the usage of Windows Service account SIDs and Application Pool Identities to secure Receiver StoreFront. Requirements Ensure that the existing infrastructure supports the StoreFront system requirement mentioned in the following link: System requirements for...

The vulnerability of the application programming interface of the Elasticsearch search engine allows a hacker to disclose protected information.

The vulnerability of the Elasticsearch search engine’s application programming interface is related to deficiencies in access control due to incorrect replication of cross-cluster key indexes. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

...

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...