CVE-2022-26504
First published: Thu Mar 17 2022(Updated: )
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veeam Backup & Replication | >=10.0.0.4442<10.0.1.4854 | |
| Veeam Backup & Replication | >=11.0.0.825<11.0.1.1261 | |
| Veeam Backup & Replication | =9.5.0.1536 | |
| Veeam Backup & Replication | =9.5.4.2615 | |
| Veeam Backup & Replication | =10.0.1.4854 | |
| Veeam Backup & Replication | =10.0.1.4854-p20201202 | |
| Veeam Backup & Replication | =10.0.1.4854-p20210609 | |
| Veeam Backup & Replication | =10.0.1.4854-p20220304 | |
| Veeam Backup & Replication | =11.0.1.1261 | |
| Veeam Backup & Replication | =11.0.1.1261-p20211123 | |
| Veeam Backup & Replication | =11.0.1.1261-p20211211 | |
| Veeam Backup & Replication | =11.0.1.1261-p20220302 | |
| Veeam Backup & Replication | >=10.0.0.4442<10.0.1.4854 | |
| Veeam Backup & Replication | >=11.0.0.825<11.0.1.1261 | |
| Veeam Backup & Replication | =9.5.0.1536 | |
| Veeam Backup & Replication | =9.5.4.2615 | |
| Veeam Backup & Replication | =10.0.1.4854 | |
| Veeam Backup & Replication | =10.0.1.4854-p20201202 | |
| Veeam Backup & Replication | =10.0.1.4854-p20210609 | |
| Veeam Backup & Replication | =10.0.1.4854-p20220304 | |
| Veeam Backup & Replication | =11.0.1.1261 | |
| Veeam Backup & Replication | =11.0.1.1261-p20211123 | |
| Veeam Backup & Replication | =11.0.1.1261-p20211211 | |
| Veeam Backup & Replication | =11.0.1.1261-p20220302 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-26504?
CVE-2022-26504 is a vulnerability that allows attackers to execute arbitrary code in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x.
Which versions of Veeam Backup & Replication are affected by CVE-2022-26504?
Veeam Backup & Replication versions 9.5U3, 9.5U4, 10.x, and 11.x are affected by CVE-2022-26504.
What is the severity of CVE-2022-26504?
CVE-2022-26504 has a severity rating of 8.8 (critical).
How can this vulnerability be exploited?
This vulnerability can be exploited by attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
How can I fix CVE-2022-26504?
To fix CVE-2022-26504, update Veeam Backup & Replication to a version that is not affected by the vulnerability.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- vendor/veeam
- canonical/veeam backup & replication
- version/veeam backup & replication/10.0.0.4442
- version/veeam backup & replication/11.0.0.825
- version/veeam backup & replication/9.5.0.1536
- version/veeam backup & replication/9.5.4.2615
- version/veeam backup & replication/10.0.1.4854
- version/veeam backup & replication/10.0.1.4854-p20201202
- version/veeam backup & replication/10.0.1.4854-p20210609
- version/veeam backup & replication/10.0.1.4854-p20220304
- version/veeam backup & replication/11.0.1.1261
- version/veeam backup & replication/11.0.1.1261-p20211123
- version/veeam backup & replication/11.0.1.1261-p20211211
- version/veeam backup & replication/11.0.1.1261-p20220302