cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23114,https://securityvulnerability.io/vulnerability/CVE-2025-23114,Veeam Updater Vulnerability in Veeam Software Products,"A security flaw in the Veeam Updater component allows attackers to execute arbitrary code by exploiting insufficient validation of TLS certificates. This vulnerability can be targeted through Man-in-the-Middle attacks, potentially compromising system integrity and data confidentiality. Organizations using Veeam Backup & Replication and Veeam ONE should be aware of this issue and follow recommended security guidelines to mitigate risks.",Veeam,"Backup For Aws,Backup For Microsoft Azure,Backup For Google Cloud,Backup For Nutanix Ahv,Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization,Backup For Salesforce",,,0.0004299999854993075,false,,false,false,false,,false,true,false,,2025-02-05T01:45:03.336Z,2649
CVE-2025-23082,https://securityvulnerability.io/vulnerability/CVE-2025-23082,Server-Side Request Forgery in Veeam Backup for Microsoft Azure,"Veeam Backup for Microsoft Azure has a vulnerability that allows an unauthenticated attacker to exploit Server-Side Request Forgery (SSRF). This flaw enables unauthorized requests to be sent from the affected system, which could lead to unforeseen network enumeration or facilitate other security threats. For more details, refer to Veeam's official documentation.",Veeam,Backup For Microsoft Azure,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:46:14.729Z,0
CVE-2024-42455,https://securityvulnerability.io/vulnerability/CVE-2024-42455,Low-Privileged User Can Exploit Insecure Deserialization to Delete Any File with Service Account Privileges,"A vulnerability within Veeam Backup & Replication enables low-privileged users to connect to remoting services and exploit weaknesses in the deserialization process. An attacker can send a serialized temporary file collection that is insufficiently validated, allowing them to delete any file on the system with the privileges of the service account. This flaw highlights the critical need for robust validation mechanisms during the deserialization process to prevent unauthorized actions on sensitive files and data.",Veeam,Backup & Replication,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-40714,https://securityvulnerability.io/vulnerability/CVE-2024-40714,Intercepting Sensitive Credentials During Restore Operations,"An improper certificate validation vulnerability has been identified in Veeam Backup & Replication, where inadequate checks during TLS certificate validation can be exploited by an attacker on the same network. This flaw potentially allows unauthorized interception of sensitive credentials during restore operations, posing a serious security threat to data integrity and confidentiality in enterprise environments.",Veeam,Backup And Recovery,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.237Z,0
CVE-2024-40709,https://securityvulnerability.io/vulnerability/CVE-2024-40709,Low-Privileged User Escalation,"A missing authorization flaw in Veeam Backup & Replication software allows a local low-privileged user to escalate their privileges to root level. This vulnerability could enable unauthorized access to sensitive system functions and data, potentially compromising system integrity and security. It is crucial for users of the affected versions to assess the potential risks and apply necessary security measures.",Veeam,Backup And Recovery,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.216Z,0
CVE-2024-40713,https://securityvulnerability.io/vulnerability/CVE-2024-40713,Low-Privileged User Vulnerability Allows MFA Bypass,"A vulnerability exists within Veeam Backup & Replication that permits users with low-privileged roles to alter Multi-Factor Authentication (MFA) settings. This manipulation can enable these users to bypass the MFA mechanism, resulting in potential unauthorized access to critical backup and replication data. This highlights the importance of maintaining stringent access controls and regularly updating security measures to mitigate such risks.",Veeam,Backup And Recovery,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.216Z,0
CVE-2024-40711,https://securityvulnerability.io/vulnerability/CVE-2024-40711,Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool,"A vulnerability has been identified in Veeam Backup & Replication products that allows for the deserialization of untrusted data. This flaw can be exploited by an attacker to execute arbitrary code remotely without authentication, potentially compromising the integrity and security of the affected systems. Proper remediation measures are necessary to mitigate the risks associated with this vulnerability.",Veeam,Backup And Recovery,9.8,CRITICAL,0.9621700048446655,true,2024-10-17T00:00:00.000Z,true,true,true,2024-09-10T16:07:37.000Z,true,true,true,2024-09-07T17:52:16.619Z,2024-09-07T16:11:22.213Z,11647
CVE-2024-40712,https://securityvulnerability.io/vulnerability/CVE-2024-40712,Oracle Database Vulnerable to Local Privilege Escalation Attacks,"A path traversal vulnerability found in Veeam Software's Backup & Replication products enables attackers with low-privileged accounts and local access to perform local privilege escalation (LPE). This vulnerability can allow unauthorized users to access sensitive files and execute commands with elevated privileges, which poses a significant risk to system integrity and data security. Users are advised to review their systems and apply available security patches to mitigate potential exploitation. For detailed information, refer to the official documentation provided by Veeam Software.",Veeam,Backup And Recovery,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.203Z,0
CVE-2024-40710,https://securityvulnerability.io/vulnerability/CVE-2024-40710,RCE & Sensitive Data Exposure in Veeam Backup & Replication,"The identified vulnerabilities in Veeam Backup & Replication permit remote code execution (RCE) potentially allowing attackers to control affected systems. These vulnerabilities also create avenues for the extraction of sensitive information, including saved credentials and passwords. Exploitation is contingent upon the attacker having a low-privileged user role, thereby emphasizing the critical need for stringent access controls and user role management within affected environments.",Veeam,Backup And Recovery,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.182Z,0
CVE-2024-39718,https://securityvulnerability.io/vulnerability/CVE-2024-39718,Remote File Removal Vulnerability in System,"An improper input validation vulnerability exists in Veeam Backup & Replication software, allowing low-privileged users to exploit this flaw to remotely delete files on the system. The issue stems from insufficient validation of input data, leading to unauthorized actions with the same permissions as the service account. Users of affected versions are urged to review their security settings and apply necessary mitigations.",Veeam,Backup And Recovery,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.180Z,0
CVE-2024-29850,https://securityvulnerability.io/vulnerability/CVE-2024-29850,Veeam Backup Enterprise Manager Vulnerable to Account Takeover via NTLM Relay,"The vulnerability in Veeam Backup Enterprise Manager exposes systems to potential account takeover through an NTLM relay attack. This allows an attacker to impersonate legitimate users and gain unauthorized access to sensitive backup and recovery resources. Administrators are urged to implement proper security measures, such as disabling NTLM authentication where possible and employing additional layers of security, to mitigate risks related to this vulnerability. For further details, refer to Veeam’s official knowledge base article.",Veeam,Backup & Replication,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-22T23:15:00.000Z,0
CVE-2024-29851,https://securityvulnerability.io/vulnerability/CVE-2024-29851,Veeam Backup Enterprise Manager Vulnerability Allows High-Privileged Users to Steal NTLM Hash of Service Account,"A vulnerability in Veeam Backup Enterprise Manager allows users with high privileges to exploit the system and extract the NTLM hash associated with the service account. This security flaw poses a risk to data integrity and confidentiality, making it crucial for organizations using this product to assess their security posture and implement necessary mitigations. High-privileged accounts can potentially misuse this access for unauthorized purposes, which emphasizes the importance of safeguarding service accounts and monitoring user activity to prevent exploitation.",Veeam,Backup & Replication,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-22T23:15:00.000Z,0
CVE-2024-29849,https://securityvulnerability.io/vulnerability/CVE-2024-29849,Unauthenticated Access to Veeam Backup Enterprise Manager,"An authentication bypass vulnerability has been identified in Veeam Backup Enterprise Manager, which allows unauthenticated users to log in as any user via the web interface. This flaw can potentially compromise the integrity and confidentiality of backup operations, allowing unauthorized access to sensitive data and operational controls. Organizations utilizing Veeam Backup should take immediate measures to assess their exposure and implement appropriate security protocols to mitigate risks associated with this vulnerability.",Veeam,Backup & Replication,9.8,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-06-10T15:12:20.000Z,true,true,false,,2024-05-22T23:15:00.000Z,3918
CVE-2024-29852,https://securityvulnerability.io/vulnerability/CVE-2024-29852,High-Privileged Access to Backup Session Logs,Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.,Veeam,Backup & Replication,2.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-22T23:15:00.000Z,0
CVE-2023-27532,https://securityvulnerability.io/vulnerability/CVE-2023-27532,Veeam Backup & Replication Vulnerability: Encrypted Credentials at Risk,"A vulnerability exists within the Veeam Backup & Replication component, which could allow unauthorized individuals to access encrypted credentials stored in the configuration database. This exploit opens potential pathways to gain access to backup infrastructure hosts, posing a significant risk to data integrity and security. Proper safeguards and up-to-date patches are essential to mitigate this vulnerability and protect sensitive backup operations.",Veeam,Veeam Backup & Replication,7.5,HIGH,0.015990000218153,true,2023-08-22T00:00:00.000Z,true,true,true,2023-03-23T16:08:43.000Z,true,false,false,,2023-03-10T00:00:00.000Z,0
CVE-2022-43549,https://securityvulnerability.io/vulnerability/CVE-2022-43549,Improper Authentication in Veeam Backup for Google Cloud by Veeam,"Veeam Backup for Google Cloud is susceptible to an improper authentication vulnerability that enables attackers to circumvent authentication mechanisms, potentially leading to unauthorized access. This issue affects version 1.0 and version 3.0 of the product, emphasizing the importance of immediate remediation to protect sensitive data and ensure the integrity of backup processes.",Veeam,Veeam Backup For Google Cloud,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2022-12-05T00:00:00.000Z,0
CVE-2022-26500,https://securityvulnerability.io/vulnerability/CVE-2022-26500,Improper Path Name Limitation in Veeam Backup & Replication Software,"A vulnerability exists in Veeam Backup & Replication versions 9.5U3, 9.5U4, 10.x, and 11.x due to improper restriction of path names. This flaw permits remote authenticated users to access sensitive internal API functionalities. By exploiting this vulnerability, attackers can upload and execute arbitrary code, potentially compromising the integrity and security of the affected systems.",Veeam,Backup & Replication,8.8,HIGH,0.05576999858021736,true,2022-12-13T00:00:00.000Z,false,true,true,2022-12-13T00:00:00.000Z,,false,false,,2022-03-17T20:56:44.000Z,0
CVE-2022-26504,https://securityvulnerability.io/vulnerability/CVE-2022-26504,Improper Authentication in Veeam Backup & Replication for Microsoft SCVMM,"Veeam Backup & Replication, a solution widely used for backup and recovery by businesses leveraging Microsoft System Center Virtual Machine Manager (SCVMM), has a vulnerability stemming from improper authentication. This flaw affects various versions, allowing attackers to potentially execute arbitrary code through the vulnerable Veeam.Backup.PSManager.exe component. Organizations should address this security issue promptly to safeguard their data integrity and system reliability. Users are encouraged to consult Veeam’s official resources for mitigation techniques and to stay updated with patches.",Veeam,Backup & Replication,8.8,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2022-03-17T20:48:29.000Z,0
CVE-2022-26501,https://securityvulnerability.io/vulnerability/CVE-2022-26501,Incorrect Access Control in Veeam Backup & Replication by Veeam,"A vulnerability exists in Veeam Backup & Replication versions 10.x and 11.x that allows an attacker to exploit incorrect access control measures, potentially gaining unauthorized access to restricted resources. This flaw could lead to severe implications for data security, as it undermines the integrity and confidentiality of backed-up data. It is crucial for users of affected versions to review their configurations and apply any available security patches to mitigate this issue.",Veeam,Backup & Replication,9.8,CRITICAL,0.05731000006198883,true,2022-12-13T00:00:00.000Z,false,true,true,2022-12-13T00:00:00.000Z,,false,false,,2022-03-17T20:28:41.000Z,0
CVE-2021-35971,https://securityvulnerability.io/vulnerability/CVE-2021-35971,Deserialization Flaw in Veeam Backup and Replication Software,"Veeam Backup and Replication versions 10 and 11 prior to specified updates are susceptible to a deserialization vulnerability during Microsoft .NET remoting, which could allow attackers to execute malicious code or gain unauthorized access to sensitive data. Users are advised to upgrade their systems to a secure version as per vendor recommendations.",Veeam,Veeam Backup & Replication,9.8,CRITICAL,0.006829999852925539,false,,false,false,false,,,false,false,,2021-06-30T14:28:51.000Z,0
CVE-2020-15518,https://securityvulnerability.io/vulnerability/CVE-2020-15518,,"VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.",Veeam,"Veeam Availability Suite,Veeam Backup & Replication",8.8,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-07-03T10:58:45.000Z,0
CVE-2015-5742,https://securityvulnerability.io/vulnerability/CVE-2015-5742,,"VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.",Veeam,Backup And Replication,,,0.0004600000102072954,false,,false,false,false,,,false,false,,2015-10-16T20:00:00.000Z,0