CVE-2024-42022
https://notcve.org/view.php?id=CVE-2024-42022
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVE-2024-42024
https://notcve.org/view.php?id=CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. • https://www.veeam.com/kb4649 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-40709
https://notcve.org/view.php?id=CVE-2024-40709
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. • https://www.veeam.com/kb4649 • CWE-862: Missing Authorization •
CVE-2024-40713
https://notcve.org/view.php?id=CVE-2024-40713
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. • https://www.veeam.com/kb4649 • CWE-287: Improper Authentication •
CVE-2024-40711 – Veeam Backup And Replication 12.1.2.172 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-40711
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). • https://github.com/watchtowrlabs/CVE-2024-40711?tab=readme-ov-file https://www.veeam.com/kb4649 • CWE-502: Deserialization of Untrusted Data •