cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40711,https://securityvulnerability.io/vulnerability/CVE-2024-40711,Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool,"A vulnerability has been identified in Veeam Backup & Replication products that allows for the deserialization of untrusted data. This flaw can be exploited by an attacker to execute arbitrary code remotely without authentication, potentially compromising the integrity and security of the affected systems. Proper remediation measures are necessary to mitigate the risks associated with this vulnerability.",Veeam,Backup And Recovery,9.8,CRITICAL,0.9621700048446655,true,2024-10-17T00:00:00.000Z,true,true,true,2024-09-10T16:07:37.000Z,true,true,true,2024-09-07T17:52:16.619Z,2024-09-07T16:11:22.213Z,11647
CVE-2024-29855,https://securityvulnerability.io/vulnerability/CVE-2024-29855,Veeam Recovery Orchestrator Authentication Bypass Vulnerability,"The Veeam Recovery Orchestrator Authentication Bypass Vulnerability (CVE-2024-29855) allows unauthenticated attackers to log in to the Veeam Recovery Orchestrator web UI with administrative privileges due to a hardcoded JSON Web Token (JWT) secret. A proof-of-concept (PoC) exploit for the vulnerability has been released by a security researcher, making it easier to exploit than initially suggested. The vulnerability impacts Veeam Recovery Orchestrator (VRO) versions 7.0.0.337 and 7.1.0.205 and older. It is recommended to upgrade to the patched versions 7.1.0.230 and 7.0.0.379 to mitigate the risk.
Due to the availability of the exploit, attackers may attempt to leverage it against unpatched systems, emphasizing the importance of applying the available security updates as soon as possible.",Veeam,Recovery Orchestrator,9,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-06-13T17:32:55.000Z,true,false,false,,2024-06-11T03:55:54.458Z,0
CVE-2024-29849,https://securityvulnerability.io/vulnerability/CVE-2024-29849,Unauthenticated Access to Veeam Backup Enterprise Manager,"An authentication bypass vulnerability has been identified in Veeam Backup Enterprise Manager, which allows unauthenticated users to log in as any user via the web interface. This flaw can potentially compromise the integrity and confidentiality of backup operations, allowing unauthorized access to sensitive data and operational controls. Organizations utilizing Veeam Backup should take immediate measures to assess their exposure and implement appropriate security protocols to mitigate risks associated with this vulnerability.",Veeam,Backup & Replication,9.8,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-06-10T15:12:20.000Z,true,true,false,,2024-05-22T23:15:00.000Z,3918