cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-42021,https://securityvulnerability.io/vulnerability/CVE-2024-42021,Improper Access Control Exposes Saved Credentials to Attackers,"An improper access control vulnerability exists in Veeam Backup and Replication, which can be exploited by an attacker possessing valid access tokens. This vulnerability permits unauthorized access to saved credentials, potentially compromising sensitive information. It is essential for users of Veeam Backup and Replication to assess their security measures and ensure adequate protections are in place to mitigate potential risks associated with this vulnerability.",Veeam,One,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.333Z,0
CVE-2024-42023,https://securityvulnerability.io/vulnerability/CVE-2024-42023,Remote Code Execution Vulnerability Affects Administrator Privileges,"The vulnerability disclosed allows low-privileged users within a Veeam Backup and Replication environment to execute arbitrary code with elevated Administrator privileges. This security gap could lead to unauthorized access and potential manipulation of critical backup operations, posing a significant risk to data integrity and system security. Users and administrators are encouraged to apply the latest security updates and adhere to best practices in configuring user privileges to mitigate this risk.",Veeam,One,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.238Z,0
CVE-2024-42024,https://securityvulnerability.io/vulnerability/CVE-2024-42024,Remote Code Execution Vulnerability in Veeam ONE Agent,"A vulnerability exists in the Veeam ONE Agent that permits an attacker with access to the service account credentials to execute arbitrary code remotely on the targeted machine. This exploitation can lead to unauthorized access and control over the affected system. Organizations utilizing Veeam ONE Agent are advised to apply recommended security measures to mitigate the risks associated with this vulnerability, ensuring that service account credentials are adequately protected.",Veeam,One,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.220Z,0
CVE-2024-42022,https://securityvulnerability.io/vulnerability/CVE-2024-42022,Modification of Product Configuration Files via Incorrect Permission Assignment,"An incorrect permission assignment vulnerability has been identified in Veeam Software's Backup and Replication product, which could potentially allow an unauthorized attacker to alter critical product configuration files. This flaw may lead to unauthorized access and manipulation of backup settings, impacting the integrity and security of data management operations. It is essential for users of affected versions to evaluate their systems and implement security best practices.",Veeam,One,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.220Z,0
CVE-2024-42020,https://securityvulnerability.io/vulnerability/CVE-2024-42020,Cross-site Scripting (XSS) Vulnerability in Reporter Widgets,A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.,Veeam,One,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.194Z,0
CVE-2024-42019,https://securityvulnerability.io/vulnerability/CVE-2024-42019,Veeam Reporter Service Vulnerability,"This vulnerability permits attackers to gain unauthorized access to the NTLM hash of the service account utilized by the Veeam Reporter Service. Exploitation of this vulnerability requires user interaction, making it essential for administrators and users of Veeam Backup & Replication to remain vigilant. Attackers can leverage data from Veeam Backup & Replication to facilitate an attack, potentially compromising sensitive credentials. Regular updates and security best practices are crucial to mitigate the risks associated with this vulnerability.",Veeam,One,9,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-07T16:11:22.117Z,0
CVE-2023-38549,https://securityvulnerability.io/vulnerability/CVE-2023-38549,Authentication Bypass in Veeam ONE Web Client by Veeam,"A security vulnerability in Veeam ONE Web Client allows an unprivileged user to retrieve the NTLM hash from the account used by the Veeam ONE Reporting Service. Although the risk is mitigated by the requirement for a user with the Veeam ONE Administrator role to initiate the action, it still poses a significant security concern. This vulnerability highlights the need for robust user access controls and auditing mechanisms within Veeam ONE implementations.",Veeam,One,4.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-07T07:15:00.000Z,0
CVE-2023-38548,https://securityvulnerability.io/vulnerability/CVE-2023-38548,Web Client Vulnerability in Veeam ONE Affects User Account Security,A security flaw in Veeam ONE enables an unprivileged user with access to the Veeam ONE Web Client to potentially obtain the NTLM hash associated with the account utilized by the Veeam ONE Reporting Service. This exposure can lead to unauthorized access and compromise of user credentials.,Veeam,One,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-07T07:15:00.000Z,0
CVE-2023-41723,https://securityvulnerability.io/vulnerability/CVE-2023-41723,Veeam ONE Vulnerability Allows Unauthorized Schedule Viewing for Read-Only Users,"A vulnerability in Veeam ONE permits users assigned to the Read-Only User role to access and view the Dashboard Schedule. This could potentially expose sensitive scheduling information within the application, although these users lack the permissions to modify any settings or configurations.",Veeam,One,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-07T07:15:00.000Z,0
CVE-2023-38547,https://securityvulnerability.io/vulnerability/CVE-2023-38547,Information Disclosure Vulnerability in Veeam ONE by Veeam,"A vulnerability in Veeam ONE allows an unauthenticated user to access sensitive information concerning the SQL server connection utilized for accessing its configuration database. This exposure could potentially open the door for unauthorized entities to execute remote code on the SQL server hosting the Veeam ONE configuration database, thereby compromising the integrity and security of the system.",Veeam,One,9.8,CRITICAL,0.003389999968931079,false,,false,false,false,,,false,false,,2023-11-07T07:15:00.000Z,0
CVE-2020-15419,https://securityvulnerability.io/vulnerability/CVE-2020-15419,XML External Entity Vulnerability in Veeam ONE Software by Veeam,"A vulnerability exists in the Veeam ONE software that allows remote attackers to disclose sensitive information without requiring authentication. The flaw is located in the Reporter_ImportLicense class, where improper handling of XML External Entity (XXE) references permits an attacker to parse a specially crafted document pointing to a URI. This results in the XML parser accessing the specified URI and potentially embedding confidential file contents back into the XML document. Consequently, an attacker can exploit this flaw to gain unauthorized access to system-level file contents.",Veeam,One,7.5,HIGH,0.017820000648498535,false,,false,false,false,,,false,false,,2020-07-28T17:10:18.000Z,0
CVE-2020-15418,https://securityvulnerability.io/vulnerability/CVE-2020-15418,XML External Entity Vulnerability in Veeam ONE by Veeam Software,"This vulnerability affects Veeam ONE, enabling remote attackers to disclose sensitive information on impacted systems. It arises from the improper handling of XML External Entity (XXE) references in the SSRSReport class. An attacker can exploit this flaw by sending specially crafted XML documents that reference a URI, compelling the XML parser to access external content. This can lead to unauthorized disclosure of file contents within the context of the SYSTEM, potentially compromising sensitive data directly from the server.",Veeam,One,7.5,HIGH,0.017820000648498535,false,,false,false,false,,,false,false,,2020-07-28T17:10:17.000Z,0
CVE-2020-10915,https://securityvulnerability.io/vulnerability/CVE-2020-10915,,"This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.",Veeam,One Agent,9.8,CRITICAL,0.5885599851608276,false,,false,false,true,2021-10-20T20:27:42.000Z,true,false,false,,2020-04-22T20:51:07.000Z,0
CVE-2020-10914,https://securityvulnerability.io/vulnerability/CVE-2020-10914,,"This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.",Veeam,One Agent,9.8,CRITICAL,0.5885599851608276,false,,false,false,false,,,false,false,,2020-04-22T20:51:06.000Z,0
CVE-2019-14298,https://securityvulnerability.io/vulnerability/CVE-2019-14298,,Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.,Veeam,One Reporter,5.4,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2019-07-27T23:15:00.000Z,0
CVE-2019-14297,https://securityvulnerability.io/vulnerability/CVE-2019-14297,,Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.,Veeam,One Reporter,5.4,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2019-07-27T23:15:00.000Z,0
CVE-2019-11569,https://securityvulnerability.io/vulnerability/CVE-2019-11569,,Veeam ONE Reporter 9.5.0.3201 allows CSRF.,Veeam,One Reporter,8.8,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2019-05-06T19:47:22.000Z,0