cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23114,https://securityvulnerability.io/vulnerability/CVE-2025-23114,Veeam Updater Vulnerability in Veeam Software Products,"A security flaw in the Veeam Updater component allows attackers to execute arbitrary code by exploiting insufficient validation of TLS certificates. This vulnerability can be targeted through Man-in-the-Middle attacks, potentially compromising system integrity and data confidentiality. Organizations using Veeam Backup & Replication and Veeam ONE should be aware of this issue and follow recommended security guidelines to mitigate risks.",Veeam,"Backup For Aws,Backup For Microsoft Azure,Backup For Google Cloud,Backup For Nutanix Ahv,Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization,Backup For Salesforce",,,0.0004299999854993075,false,,false,false,false,,false,true,false,,2025-02-05T01:45:03.336Z,2649
CVE-2025-23082,https://securityvulnerability.io/vulnerability/CVE-2025-23082,Server-Side Request Forgery in Veeam Backup for Microsoft Azure,"Veeam Backup for Microsoft Azure has a vulnerability that allows an unauthenticated attacker to exploit Server-Side Request Forgery (SSRF). This flaw enables unauthorized requests to be sent from the affected system, which could lead to unforeseen network enumeration or facilitate other security threats.
For more details, refer to Veeam's official documentation.",Veeam,Backup For Microsoft Azure,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T01:46:14.729Z,0
CVE-2024-42448,https://securityvulnerability.io/vulnerability/CVE-2024-42448,Remote Code Execution (RCE) Vulnerability in VSPC Management Agent,A remote code execution vulnerability exists in the VSPC management agent allowing an authorized agent on the server to execute arbitrary code on the VSPC server machine. This vulnerability can pose significant security risks by enabling unauthorized actions and data exposure on the affected systems.,Veeam,Service Provider Console,9.9,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-12T01:59:00.000Z,0
CVE-2024-42455,https://securityvulnerability.io/vulnerability/CVE-2024-42455,Low-Privileged User Can Exploit Insecure Deserialization to Delete Any File with Service Account Privileges,"A vulnerability within Veeam Backup & Replication enables low-privileged users to connect to remoting services and exploit weaknesses in the deserialization process. An attacker can send a serialized temporary file collection that is insufficiently validated, allowing them to delete any file on the system with the privileges of the service account.
This flaw highlights the critical need for robust validation mechanisms during the deserialization process to prevent unauthorized actions on sensitive files and data.",Veeam,Backup & Replication,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42456,https://securityvulnerability.io/vulnerability/CVE-2024-42456,Low-Privileged User Vulnerability Allows Unauthorized Access and Privileged Method Initiation,"A vulnerability in the Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42451,https://securityvulnerability.io/vulnerability/CVE-2024-42451,Credential Leak Vulnerability Affects Veeam Backup & Replication,"A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side.
This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42453,https://securityvulnerability.io/vulnerability/CVE-2024-42453,"Low-Privileged Users Can Modify Virtual Infrastructure Configurations, Leading to Vulnerabilities","A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-45206,https://securityvulnerability.io/vulnerability/CVE-2024-45206,Veeam Service Provider Console Vulnerability Allows Access to Internal Resources,"A vulnerability in Veeam Service Provider Console has been identified, which allows performing arbitrary HTTP requests to arbitrary hosts of the network and getting information about internal resources.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-45207,https://securityvulnerability.io/vulnerability/CVE-2024-45207,Potential for DLL Injection Vulnerabilities in Veeam Agent for Windows,"DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code.
This could lead to unauthorized access, data theft, or disruption of services.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42452,https://securityvulnerability.io/vulnerability/CVE-2024-42452,Low-Privileged User Can Elevate Privileges and Compromise Server,"A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-40717,https://securityvulnerability.io/vulnerability/CVE-2024-40717,Veeam Backup & Replication Vulnerability: Remote Code Execution via Job Update,"A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42457,https://securityvulnerability.io/vulnerability/CVE-2024-42457,Veeam Backup & Replication Vulnerability Allows Credentials Leak,"A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host.
The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext.",Veeam,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42449,https://securityvulnerability.io/vulnerability/CVE-2024-42449,Arbitrary File Removal on VSPC Server,"A vulnerability within Veeam's VSPC management agent allows authorized management agents to execute unauthorized file deletions on the VSPC server. This capability poses significant security risks, as it can lead to data loss and server instability. Organizations utilizing Veeam solutions should assess their systems for this vulnerability to mitigate potential exploitation and ensure data integrity. Proper access controls and monitoring mechanisms are vital in defending against the unauthorized removal of critical files.",Veeam,Service Provider Console,7.1,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-40715,https://securityvulnerability.io/vulnerability/CVE-2024-40715,Veeam Backup & Replication Enterprise Manager Vulnerability - Authentication Bypass,"A security vulnerability has been identified in Veeam Backup & Replication Enterprise Manager that can lead to authentication bypass. This vulnerability can be exploited by attackers through a Man-in-the-Middle (MITM) attack, enabling unauthorized access to sensitive information and functionalities.
Organizations utilizing this software should be aware of the potential risks and implement appropriate security measures to protect their data.",Veeam,Enterprise Manager,7.7,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-11-07T16:40:37.566Z,0
CVE-2024-38650,https://securityvulnerability.io/vulnerability/CVE-2024-38650,Authentication Bypass Vulnerability Affects NTLM Hash of Service Account on VSPC Server,"An authentication bypass vulnerability exists in the Veeam Service Provider Console that can be exploited by low privileged attackers. This flaw allows unauthorized access to critical information, specifically the NTLM hash of service accounts. If exploited, this vulnerability could enable attackers to escalate their privileges and compromise the security of the system.",Veeam,Veeam Service Provider Console,9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.353Z,0
CVE-2024-42021,https://securityvulnerability.io/vulnerability/CVE-2024-42021,Improper Access Control Exposes Saved Credentials to Attackers,"An improper access control vulnerability exists in Veeam Backup and Replication, which can be exploited by an attacker possessing valid access tokens. This vulnerability permits unauthorized access to saved credentials, potentially compromising sensitive information. It is essential for users of Veeam Backup and Replication to assess their security measures and ensure adequate protections are in place to mitigate potential risks associated with this vulnerability.",Veeam,One,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.333Z,0
CVE-2024-40718,https://securityvulnerability.io/vulnerability/CVE-2024-40718,Low-Privileged User Can Perform Local Privilege Escalation Through SSRF Vulnerability,"A vulnerability in Veeam's software allows low-privileged users to exploit server-side request forgery (SSRF) mechanisms.
Through this vulnerability, attackers can potentially escalate their privileges locally, gaining unauthorized access to sensitive resources and compromising the security of the affected environment. This issue highlights the importance of safeguarding applications against SSRF attacks and emphasizes the necessity for rigorous security assessments of Veeam products.",Veeam,"Nutanix Ahv,Nutanix Kvm",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.238Z,0
CVE-2024-42023,https://securityvulnerability.io/vulnerability/CVE-2024-42023,Remote Code Execution Vulnerability Affects Administrator Privileges,"The vulnerability disclosed allows low-privileged users within a Veeam Backup and Replication environment to execute arbitrary code with elevated Administrator privileges. This security gap could lead to unauthorized access and potential manipulation of critical backup operations, posing a significant risk to data integrity and system security. Users and administrators are encouraged to apply the latest security updates and adhere to best practices in configuring user privileges to mitigate this risk.",Veeam,One,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.238Z,0
CVE-2024-40714,https://securityvulnerability.io/vulnerability/CVE-2024-40714,Intercepting Sensitive Credentials During Restore Operations,"An improper certificate validation vulnerability has been identified in Veeam Backup & Replication, where inadequate checks during TLS certificate validation can be exploited by an attacker on the same network.
This flaw potentially allows unauthorized interception of sensitive credentials during restore operations, posing a serious security threat to data integrity and confidentiality in enterprise environments.",Veeam,Backup And Recovery,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.237Z,0
CVE-2024-42022,https://securityvulnerability.io/vulnerability/CVE-2024-42022,Modification of Product Configuration Files via Incorrect Permission Assignment,"An incorrect permission assignment vulnerability has been identified in Veeam Software's Backup and Replication product, which could potentially allow an unauthorized attacker to alter critical product configuration files. This flaw may lead to unauthorized access and manipulation of backup settings, impacting the integrity and security of data management operations. It is essential for users of affected versions to evaluate their systems and implement security best practices.",Veeam,One,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.220Z,0
CVE-2024-42024,https://securityvulnerability.io/vulnerability/CVE-2024-42024,Remote Code Execution Vulnerability in Veeam ONE Agent,"A vulnerability exists in the Veeam ONE Agent that permits an attacker with access to the service account credentials to execute arbitrary code remotely on the targeted machine. This exploitation can lead to unauthorized access and control over the affected system.
Organizations utilizing Veeam ONE Agent are advised to apply recommended security measures to mitigate the risks associated with this vulnerability, ensuring that service account credentials are adequately protected.",Veeam,One,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.220Z,0
CVE-2024-40713,https://securityvulnerability.io/vulnerability/CVE-2024-40713,Low-Privileged User Vulnerability Allows MFA Bypass,"A vulnerability exists within Veeam Backup & Replication that permits users with low-privileged roles to alter Multi-Factor Authentication (MFA) settings. This manipulation can enable these users to bypass the MFA mechanism, resulting in potential unauthorized access to critical backup and replication data. This highlights the importance of maintaining stringent access controls and regularly updating security measures to mitigate such risks.",Veeam,Backup And Recovery,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.216Z,0
CVE-2024-40709,https://securityvulnerability.io/vulnerability/CVE-2024-40709,Low-Privileged User Escalation,"A missing authorization flaw in Veeam Backup & Replication software allows a local low-privileged user to escalate their privileges to root level. This vulnerability could enable unauthorized access to sensitive system functions and data, potentially compromising system integrity and security. It is crucial for users of the affected versions to assess the potential risks and apply necessary security measures.",Veeam,Backup And Recovery,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.216Z,0
CVE-2024-40711,https://securityvulnerability.io/vulnerability/CVE-2024-40711,Unauthenticated Remote Code Execution (RCE) Vulnerability Discovered in Vulnerability Scanning Tool,"A vulnerability has been identified in Veeam Backup & Replication products that allows for the deserialization of untrusted data.
This flaw can be exploited by an attacker to execute arbitrary code remotely without authentication, potentially compromising the integrity and security of the affected systems. Proper remediation measures are necessary to mitigate the risks associated with this vulnerability.",Veeam,Backup And Recovery,9.8,CRITICAL,0.9621700048446655,true,2024-10-17T00:00:00.000Z,true,true,true,2024-09-10T16:07:37.000Z,true,true,true,2024-09-07T17:52:16.619Z,2024-09-07T16:11:22.213Z,11647
CVE-2024-39715,https://securityvulnerability.io/vulnerability/CVE-2024-39715,Remote Code Execution Vulnerability in VSPC Server via REST API,"A code injection vulnerability exists in the VSPC server by Veeam, allowing low-privileged users with access to the REST API to upload arbitrary files. This flaw could enable an attacker to execute remote code on the VSPC server, potentially compromising the system and leading to unauthorized access or data manipulation. The vulnerability underscores the risks associated with insufficient input validation and access controls in REST API implementations.",Veeam,Veeam Service Provider Console,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.204Z,0