7 results (0.003 seconds)

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. • https://www.veeam.com/kb4649 • CWE-295: Improper Certificate Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. • https://www.veeam.com/kb4649 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. • https://www.veeam.com/kb4649 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 96%CPEs: 1EXPL: 3

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. • https://github.com/watchtowrlabs/CVE-2024-40711?tab=readme-ov-file https://github.com/watchtowrlabs/CVE-2024-40711 https://github.com/realstatus/CVE-2024-40711-Exp https://www.veeam.com/kb4649 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). • https://www.veeam.com/kb4649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •