13 matches found
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVE-2024-29849
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to the Enterprise Manager web interface.
CVE-2024-29851
Veeam Backup Enterprise Manager allows high-privileged users to steal the NTLM hash of the Enterprise Manager service account.
CVE-2024-29850
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
CVE-2024-40715
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform a Man-in-the-Middle (MITM) attack to exploit this vulnerability.
CVE-2024-29852
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVE-2024-40714
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
CVE-2024-40710
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role with...
CVE-2024-40713
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
CVE-2025-23121
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
CVE-2024-40712
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
CVE-2020-15518
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.
CVE-2025-24286
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.