Filtered by vendor Veeam Subscriptions
Total 65 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27532 1 Veeam 1 Veeam Backup \& Replication 2025-10-22 7.5 High
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVE-2022-26501 1 Veeam 1 Veeam Backup \& Replication 2025-10-22 9.8 Critical
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
CVE-2022-26500 1 Veeam 1 Veeam Backup \& Replication 2025-10-22 8.8 High
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
CVE-2024-40711 1 Veeam 2 Backup \& Replication, Veeam Backup \& Replication 2025-10-21 9.8 Critical
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
CVE-2024-42448 1 Veeam 1 Service Provider Console 2025-07-21 N/A
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVE-2025-24286 1 Veeam 1 Veeam Backup \& Replication 2025-07-16 7.2 High
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
CVE-2025-23121 1 Veeam 1 Veeam Backup \& Replication 2025-07-15 8.8 High
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
CVE-2024-29855 1 Veeam 1 Recovery Orchestrator 2025-07-14 N/A
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVE-2024-40715 1 Veeam 2 Backup \& Replication, Veeam Backup \& Replication 2025-07-11 N/A
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.
CVE-2024-29849 1 Veeam 2 Backup Enterprise Manager, Veeam Backup \& Replication 2025-07-03 N/A
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
CVE-2024-29850 1 Veeam 2 Backup Enterprise Manager, Veeam Backup \& Replication 2025-07-03 N/A
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
CVE-2024-29851 1 Veeam 2 Backup Enterprise Manager, Veeam Backup \& Replication 2025-07-03 N/A
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
CVE-2024-29852 1 Veeam 2 Backup Enterprise Manager, Veeam Backup \& Replication 2025-07-03 N/A
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVE-2024-29853 1 Veeam 2 Agent, Veeam Agent For Windows 2025-07-03 N/A
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
CVE-2025-23082 1 Veeam 1 Veeam Backup For Microsoft Azure 2025-07-03 N/A
Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-45206 1 Veeam 2 Service Provider Console, Veeam Service Provider Console 2025-07-02 N/A
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
CVE-2024-45207 1 Veeam 2 Agent, Veeam Agent For Windows 2025-07-02 N/A
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services
CVE-2024-29212 1 Veeam 1 Veeam Service Provider Console 2025-06-30 N/A
Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVE-2024-22021 1 Veeam 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator 2025-06-05 4.3 Medium
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CVE-2024-22022 1 Veeam 1 Recovery Orchestrator 2025-06-03 8.8 High
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.