CVE-2022-26501

CRITICAL KEV RANSOMWARE

Veeam Backup & Replication <11.x - Info Disclosure

Title source: llm

Description

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

Exploits (1)

vulncheck_xdb WORKING POC
remote
https://github.com/LeakIX/veeam-ds-client

References (3)

Scores

CVSS v3 9.8
EPSS 0.6673
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-12-13
VulnCheck KEV 2022-10-24
InTheWild.io 2022-12-13
ENISA EUVD EUVD-2022-31059
Ransomware Use Confirmed
CWE
CWE-306
Status published
Products (3)
veeam/veeam_backup_\&_replication 10.0.1.4854 (3 CPE variants)
veeam/veeam_backup_\&_replication 11.0.1.1261 (3 CPE variants)
veeam/veeam_backup_\&_replication 10.0.0.4442 - 10.0.1.4854
Published Mar 17, 2022
KEV Added Dec 13, 2022
Tracked Since Feb 18, 2026