CVE-2022-43549
https://notcve.org/view.php?id=CVE-2022-43549
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. • https://www.veeam.com/kb4374 • CWE-287: Improper Authentication
CVE-2022-26500 – Veeam Backup & Replication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to access internal API functions, which allows attackers to upload and execute arbitrary code. The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API, which may lead to the upload and execution of malicious code. • https://veeam.com https://www.veeam.com/kb4288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-26504
https://notcve.org/view.php?id=CVE-2022-26504
Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe. • https://veeam.com https://www.veeam.com/kb4290 • CWE-287: Improper Authentication
CVE-2022-26501 – Veeam Backup & Replication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API, which may lead to the upload and execution of malicious code. • https://veeam.com https://www.veeam.com/kb4288 • CWE-306: Missing Authentication for Critical Function
CVE-2022-26503
https://notcve.org/view.php?id=CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. • https://github.com/sinsinology/CVE-2022-26503 https://veeam.com https://www.veeam.com/kb4289 • CWE-502: Deserialization of Untrusted Data