49 results (0.008 seconds)

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Veeam Backup Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of security tokens. The issue results from improper certificate validation. • https://www.veeam.com/kb4682 •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. • https://www.veeam.com/kb4649 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. • https://www.veeam.com/kb4649 • CWE-918: Server-Side Request Forgery (SSRF) •