Vulnerability of Veeam Backup & Replication virtual and physical systems, due to authentication procedures that lack sufficient protection. This allows attackers to alter multi-factor authentication parameters and circumvent existing security restrictions.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow attackers to alter the parameters of Multi-Factor Authentication MFA and circumvent existing security...

The vulnerability of Veeam Backup & Replication’s virtual and physical systems arises from the limited ability to restrict the path name to the restricted access directory. This allows attackers to compromise the integrity and accessibility of the protected information.

The vulnerability of Veeam Backup & Replication virtual and physical systems is related to the limited ability to access the directory. Exploiting this vulnerability can allow a malicious actor to influence the integrity and accessibility of the protected information...

The vulnerability in virtual and physical systems of Veeam Backup & Replication lies in the insufficient protection of registration data, allowing attackers to execute arbitrary codes.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to execute arbitrary code...

CVE-2024-10973

Keycloak vulnerability CVE-2024-10973: the KC_CACHE_EMBEDDED_MTLS_ENABLED environment option does not work and JGroups replication is used in plain text, allowing an attacker on adjacent networks to read sensitive information. The issue affects Keycloak deployments relying on this configuration; ...

CVE-2024-10973 Keycloak: cli option for encrypted jgroups ignored

A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...

The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in its ability to allow unauthorized access to read, modify, or delete data stored in memory. This vulnerability enables attackers to gain unauthorized access to these data.

The vulnerability of Veeam Backup & Replication’s protection for cloud, virtual, and physical systems stems from the restoration of unreliable data in memory due to the lack of authenticity verification for a critical function. Exploiting this vulnerability can allow an attacker operating remotel...

The vulnerability of Veeam Backup & Replication’s protection mechanism for cloud, virtual, and physical systems lies in the lack of authentication for a critical function, allowing attackers to escalate their privileges.

The vulnerability of Veeam Backup & Replication’s protection tools for cloud, virtual, and physical systems stems from the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to increase their privileges...

SUSE SLES12 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4052-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4052-1 advisory. This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql, postgresql16, postgresql17 (SUSE-SU-2024:4063-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4063-1 advisory. This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Rela...

Upgrade to Veeam Backup & Replication 12.3 Fails During "Step 1 of 7: Installing PostgreSQL server 15.10-1..."

Article Applicability The issue described in this article only occurred when using the initial Veeam Backup & Replication 12.3 ISO named VeeamBackup&Replication12.3.0.31020241201.iso. On 2024-12-16, a new ISO VeeamBackup&Replication12.3.0.31020241211.iso was made available, which contains a check...

Malicious code in replication-delay-client111 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-11688 Malicious code in replication-delay-client111 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Veeam Backup and Replication 12.x < 12.3.0.310 Multiple Vulnerabilities (December 2024) (KB4693)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.0.310. It is, therefore, affected by multiple vulnerabilities, including: - A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server...

SUSE-SU-2024:4173-1 Security update for postgresql, postgresql16, postgresql17

This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: - bsc1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane...

CVE-2024-42457

A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading ...

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

CVE-2024-42453

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of...

CVE-2024-42451

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes...

CVE-2024-42452

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability...

CVE-2024-40717

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...