Vulnerabilities in Veeam
74 results

CVE-2024-40711 | CRITICAL | A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | EPSS 88.2% | KEV

CVE-2020-10915 | CRITICAL | This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication | EPSS 86.6%

CVE-2020-15419 | HIGH | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Aut | EPSS 63.8%

CVE-2020-10914 | CRITICAL | This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication | EPSS 47.0%

CVE-2024-29855 | CRITICAL | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | EPSS 21.6%

CVE-2024-42448 | CRITICAL | From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Rem | EPSS 20.1%

CVE-2023-38549 | MEDIUM | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of | EPSS 19.1%

CVE-2023-38547 | CRITICAL | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its | EPSS 18.9%

CVE-2025-23120 | CRITICAL | A vulnerability allowing remote code execution (RCE) for domain users. | EPSS 18.3%

CVE-2024-29849 | CRITICAL | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | EPSS 16.7%

CVE-2024-42455 | HIGH | A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserializat | EPSS 14.0%

CVE-2023-41723 | MEDIUM | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of t | EPSS 12.3%

CVE-2023-38548 | CRITICAL | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of | EPSS 11.8%

CVE-2025-23121 | CRITICAL | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | EPSS 11.6%

CVE-2025-24286 | HIGH | A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | EPSS 10.7%

CVE-2020-15418 | HIGH | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Aut | EPSS 9.4%

CVE-2024-42449 | HIGH | From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbi | EPSS 5.4%

CVE-2026-44963 | CRITICAL | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | EPSS 2.0%

CVE-2024-29212 | CRITICAL | Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management ag | EPSS 1.6%

CVE-2025-59470 | CRITICAL | This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or o | EPSS 1.5%