7 results (0.008 seconds)

CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 3

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. • https://github.com/sfewer-r7/CVE-2023-27532 https://github.com/horizon3ai/CVE-2023-27532 https://github.com/puckiestyle/CVE-2023-27532-RCE-Only https://www.veeam.com/kb4424 • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Una limitación inapropiada de los nombres de las rutas en Veeam Backup & Replication versiones 9.5U3, 9.5U4,10.x y 11.x, permite a usuarios remotos autenticados acceder a funciones internas de la API que permiten a atacantes cargar y ejecutar código arbitrario The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. • https://veeam.com https://www.veeam.com/kb4288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe Una autenticación inapropiada en Veeam Backup & Replication versiones 9.5U3, 9.5U4,10.x y 11.x, componente usado para Microsoft System Center Virtual Machine Manager (SCVMM) permite a atacantes ejecutar código arbitrario por medio del archivo Veeam.Backup.PSManager.exe • https://veeam.com https://www.veeam.com/kb4290 • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). Veeam Backup & Replication versiones 10.x y 11.x, presenta un Control de Acceso Incorrecto (problema 1 de 2) The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. • https://veeam.com https://www.veeam.com/kb4288 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. Veeam Backup and Replication versiones 10 anteriores a 10.0.1.4854 P20210609 y versiones 11 anteriores a 11.0.0.837 P20210507, maneja inapropiadamente la deserialización durante el remoting de Microsoft .NET • https://www.veeam.com/kb4126 https://www.veeam.com/kb4180 • CWE-502: Deserialization of Untrusted Data •