| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter. |
| This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file. |
| This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. |
| This vulnerability allows a Backup or Tape Operator to write files as root. |
| A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. |
| This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). |
| A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. |
| An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. |
| A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. |
