CVE-2022-26504

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Veeam_backup_&_replication	Veeam	10.0.0.4442 (including)	10.0.1.4854 (excluding)
Veeam_backup_&_replication	Veeam	11.0.0.825 (including)	11.0.1.1261 (excluding)
Veeam_backup_&_replication	Veeam	9.5.0.1536 (including)	9.5.0.1536 (including)
Veeam_backup_&_replication	Veeam	9.5.4.2615 (including)	9.5.4.2615 (including)
Veeam_backup_&_replication	Veeam	10.0.1.4854 (including)	10.0.1.4854 (including)
Veeam_backup_&_replication	Veeam	10.0.1.4854-p20201202 (including)	10.0.1.4854-p20201202 (including)
Veeam_backup_&_replication	Veeam	10.0.1.4854-p20210609 (including)	10.0.1.4854-p20210609 (including)
Veeam_backup_&_replication	Veeam	10.0.1.4854-p20220304 (including)	10.0.1.4854-p20220304 (including)
Veeam_backup_&_replication	Veeam	11.0.1.1261 (including)	11.0.1.1261 (including)
Veeam_backup_&_replication	Veeam	11.0.1.1261-p20211123 (including)	11.0.1.1261-p20211123 (including)
Veeam_backup_&_replication	Veeam	11.0.1.1261-p20211211 (including)	11.0.1.1261-p20211211 (including)
Veeam_backup_&_replication	Veeam	11.0.1.1261-p20220302 (including)	11.0.1.1261-p20220302 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-26504
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2022-26504

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References