CVE-2022-26500
Description
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
23.856
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2022-26504 are affected in Veeam Backup and Replication 10.0.1.4848 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501 are affected in Veeam Backup and Replication 10.0.1.4853 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2022-26504 are affected in Veeam Backup and Replication 10.0.1.4854 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501 are affected in Veeam Backup and Replication 10.0.1.4854-p20201202 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501 are affected in Veeam Backup and Replication 10.0.1.4854-p20210609 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501 are affected in Veeam Backup and Replication 10.0.1.4854-p20220304 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2022-26504 are affected in Veeam Backup and Replication 11.0.0.837-p20210525 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501 are affected in Veeam Backup and Replication 11.0.1.1260-p20210525 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2022-26504,CVE-2023-27532 are affected in Veeam Backup and Replication 11.0.1.1261 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2023-27532 are affected in Veeam Backup and Replication 11.0.1.1261-p20211123 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2023-27532 are affected in Veeam Backup and Replication 11.0.1.1261-p20211211 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26501,CVE-2023-27532 are affected in Veeam Backup and Replication 11.0.1.1261-p20220302 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26504 are affected in Veeam Backup and Replication 9.5.0.1536 | Windows |
| Vulnerabilities CVE-2022-26500,CVE-2022-26504 are affected in Veeam Backup and Replication 9.5.4.2615 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234