6 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. • https://www.veeam.com/kb4649 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. • https://www.veeam.com/kb4649 • CWE-284: Improper Access Control •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. • https://www.veeam.com/kb4649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •