CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41723
https://notcve.org/view.php?id=CVE-2023-41723
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. Una vulnerabilidad en Veeam ONE permite a un usuario con el rol de Veeam ONE Read-Only User ver la Programación del Panel. Nota: La gravedad de esta vulnerabilidad se reduce porque el usuario con el rol de Read-Only solo puede ver la programación y no puede realizar cambios. • https://www.veeam.com/kb4508 •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 3CVE-2023-27532 – Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. • https://github.com/sfewer-r7/CVE-2023-27532 https://github.com/horizon3ai/CVE-2023-27532 https://github.com/puckiestyle/CVE-2023-27532-RCE-Only https://www.veeam.com/kb4424 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43549
https://notcve.org/view.php?id=CVE-2022-43549
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. La autenticación incorrecta en Veeam Backup para Google Cloud v1.0 y v3.0 permite a los atacantes eludir los mecanismos de autenticación. • https://www.veeam.com/kb4374 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32225
https://notcve.org/view.php?id=CVE-2022-32225
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. Se ha detectado una vulnerabilidad de tipo XSS basada en DOM reflejado en el directorio de ayuda de Veeam Management Pack for Microsoft System Center versión 8.0. Esta vulnerabilidad podría ser explotada por un atacante al convencer a un usuario legítimo de visitar una URL diseñada en un servidor de Veeam Management Pack for Microsoft System Center, permitiendo una ejecución de scripts arbitrarios • https://www.veeam.com/kb4338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 0CVE-2022-26500 – Veeam Backup & Replication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Una limitación inapropiada de los nombres de las rutas en Veeam Backup & Replication versiones 9.5U3, 9.5U4,10.x y 11.x, permite a usuarios remotos autenticados acceder a funciones internas de la API que permiten a atacantes cargar y ejecutar código arbitrario The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. • https://veeam.com https://www.veeam.com/kb4288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •