CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40715 – Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-40715
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Veeam Backup Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of security tokens. The issue results from improper certificate validation. • https://www.veeam.com/kb4682 •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38650
https://notcve.org/view.php?id=CVE-2024-38650
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. • https://www.veeam.com/kb4649 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42021
https://notcve.org/view.php?id=CVE-2024-42021
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42023
https://notcve.org/view.php?id=CVE-2024-42023
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40718
https://notcve.org/view.php?id=CVE-2024-40718
A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. • https://www.veeam.com/kb4649 • CWE-918: Server-Side Request Forgery (SSRF) •