CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
44.6%
Vulnerability (CVE-2022-26504) in Veeam Backup & Replication component used for Microsoft System Center Virtual Machine Manager (SCVMM) integration allows domain users to execute malicious code remotely. This may lead to gaining control over the target system.
Severity: High CVSS v3 score: 8.8
The vulnerable process Veeam.Backup.PSManager.exe (TCP 8732 by default) allows authentication using non-administrative domain credentials. A remote attacker may use the vulnerable component to execute arbitrary code.
**NOTE:**The default Veeam Backup & Replication installation is not vulnerable to this issue. Only Veeam Backup & Replication installations with an SCVMM server registered are vulnerable.
Patches are available for the following Veeam Backup & Replication versions:
Notes:
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Vendor | Product | Version | CPE |
---|---|---|---|
veeam | veeam_backup_\&_replication | 11 | cpe:2.3:a:veeam:veeam_backup_\&_replication:11:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 10 | cpe:2.3:a:veeam:veeam_backup_\&_replication:10:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 9.5 | cpe:2.3:a:veeam:veeam_backup_\&_replication:9.5:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
44.6%