An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.

Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.