GCVE - cpe:2.3:a:veeam:backup_\&_replication:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:veeam:backup_\&_replication:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Veeam (`203dc226-d9ed-503f-8231-d4e4e702036f`)
Product	Backup & Replication (`d6fb432c-b077-5f33-91b4-921c335d4c9f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-40715`	vulnerable	2026-06-03 14:56:33.395240	Details available HIGH (7.7) A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. Published: 2024-11-07T16:40:37.566Z Updated: 2025-03-25T16:53:22.623Z Open on db.gcve.eu Reference links https://www.veeam.com/kb4682	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40714`	vulnerable	2026-06-03 14:56:33.394922	Details available HIGH (8.3) An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. Published: 2024-09-07T16:11:22.237Z Updated: 2024-09-09T14:03:17.836Z Open on db.gcve.eu Reference links https://www.veeam.com/kb4649	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40713`	vulnerable	2026-06-03 14:56:33.394592	Details available HIGH (7.8) A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. Published: 2024-09-07T16:11:22.216Z Updated: 2024-09-09T14:22:01.961Z Open on db.gcve.eu Reference links https://www.veeam.com/kb4649	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40712`	vulnerable	2026-06-03 14:56:33.394226	Details available HIGH (7.8) A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). Published: 2024-09-07T16:11:22.203Z Updated: 2024-09-09T15:18:23.506Z Open on db.gcve.eu Reference links https://www.veeam.com/kb4649	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40711`	vulnerable	2026-06-03 14:56:33.391747	Details available CRITICAL (9.8) A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Published: 2024-09-07T16:11:22.213Z Updated: 2025-10-21T22:55:45.810Z Open on db.gcve.eu Reference links https://www.veeam.com/kb4649	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-40710`	vulnerable	2026-06-03 14:56:33.390236	Details available HIGH (8.8) A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. Published: 2024-09-07T16:11:22.182Z Updated: 2024-09-09T16:28:11.865Z Open on db.gcve.eu Reference links https://www.veeam.com/kb4649	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.