CVE-2022-26501

CVSS 9.8 CRITICAL · EPSS 4.3% · KEV · CWE-306
In short

Veeam Backup & Replication versions 10 and 11 have an improper access control flaw, meaning unauthorized users may gain access to sensitive backup data and functions they shouldn't have. This is critical because backups often contain your most valuable data.

Technical detail

Veeam Backup & Replication 10.x and 11.x contain an access control bypass vulnerability (CWE-306) that enables unauthenticated or low-privileged attackers to gain unauthorized access to restricted backup operations and data. The vulnerability requires network access to the Veeam service but no special preconditions, resulting in potential complete compromise of backup integrity and confidentiality.

Summary generated and translated by AI from the official description.
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
