Veeam Backup & Replication
12 CVEs affecting Veeam Backup & Replication. Latest disclosed: 2024-12-04. Critical: 1, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-29849 | Critical | 9.8 | 2024-05-22 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. |
CVE-2024-42452 | High | 8.8 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escala… |
CVE-2024-40717 | High | 8.8 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs… |
CVE-2024-42456 | High | 8.8 | 2024-12-04 | A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuratio… |
CVE-2024-29850 | High | 8.8 | 2024-05-22 | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. |
CVE-2024-45204 | High | 7.7 | 2024-12-04 | A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The ex… |
CVE-2024-42451 | High | 7.7 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of m… |
CVE-2024-42457 | High | 7.7 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a… |
CVE-2024-42453 | High | 7.4 | 2024-12-04 | A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This inc… |
CVE-2024-29851 | High | 7.2 | 2024-05-22 | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. |
CVE-2024-42455 | High | 7.1 | 2024-12-04 | A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a se… |
CVE-2024-29852 | Low | 2.7 | 2024-05-22 | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. |