What is CVE-2022-26504?

CVE-2022-26504 is a vulnerability that allows attackers to execute arbitrary code in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x.

Which versions of Veeam Backup & Replication are affected by CVE-2022-26504?

Veeam Backup & Replication versions 9.5U3, 9.5U4, 10.x, and 11.x are affected by CVE-2022-26504.

What is the severity of CVE-2022-26504?

CVE-2022-26504 has a severity rating of 8.8 (critical).

How can this vulnerability be exploited?

This vulnerability can be exploited by attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.

How can I fix CVE-2022-26504?

To fix CVE-2022-26504, update Veeam Backup & Replication to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2022-26504

critical

CWE

287

17/3/2022

3/8/2024

CVE-2022-26504

First published: Thu Mar 17 2022(Updated: )

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Veeam Backup \& Replication	>=10.0.0.4442<10.0.1.4854
Veeam Backup \& Replication	>=11.0.0.825<11.0.1.1261
Veeam Backup \& Replication	=9.5.0.1536
Veeam Backup \& Replication	=9.5.4.2615
Veeam Backup \& Replication	=10.0.1.4854
Veeam Backup \& Replication	=10.0.1.4854-p20201202
Veeam Backup \& Replication	=10.0.1.4854-p20210609
Veeam Backup \& Replication	=10.0.1.4854-p20220304
Veeam Backup \& Replication	=11.0.1.1261
Veeam Backup \& Replication	=11.0.1.1261-p20211123
Veeam Backup \& Replication	=11.0.1.1261-p20211211
Veeam Backup \& Replication	=11.0.1.1261-p20220302
Veeam Veeam Backup \& Replication	>=10.0.0.4442<10.0.1.4854
Veeam Veeam Backup \& Replication	>=11.0.0.825<11.0.1.1261
Veeam Veeam Backup \& Replication	=9.5.0.1536
Veeam Veeam Backup \& Replication	=9.5.4.2615
Veeam Veeam Backup \& Replication	=10.0.1.4854
Veeam Veeam Backup \& Replication	=10.0.1.4854-p20201202
Veeam Veeam Backup \& Replication	=10.0.1.4854-p20210609
Veeam Veeam Backup \& Replication	=10.0.1.4854-p20220304
Veeam Veeam Backup \& Replication	=11.0.1.1261
Veeam Veeam Backup \& Replication	=11.0.1.1261-p20211123
Veeam Veeam Backup \& Replication	=11.0.1.1261-p20211211
Veeam Veeam Backup \& Replication	=11.0.1.1261-p20220302

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-26504?
CVE-2022-26504 is a vulnerability that allows attackers to execute arbitrary code in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x.
Which versions of Veeam Backup & Replication are affected by CVE-2022-26504?
Veeam Backup & Replication versions 9.5U3, 9.5U4, 10.x, and 11.x are affected by CVE-2022-26504.
What is the severity of CVE-2022-26504?
CVE-2022-26504 has a severity rating of 8.8 (critical).
How can this vulnerability be exploited?
This vulnerability can be exploited by attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
How can I fix CVE-2022-26504?
To fix CVE-2022-26504, update Veeam Backup & Replication to a version that is not affected by the vulnerability.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/tags
agent/event
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/veeam
canonical/veeam backup \& replication
version/veeam backup \& replication/10.0.0.4442
version/veeam backup \& replication/11.0.0.825
version/veeam backup \& replication/9.5.0.1536
version/veeam backup \& replication/9.5.4.2615
version/veeam backup \& replication/10.0.1.4854
version/veeam backup \& replication/10.0.1.4854-p20201202
version/veeam backup \& replication/10.0.1.4854-p20210609
version/veeam backup \& replication/10.0.1.4854-p20220304
version/veeam backup \& replication/11.0.1.1261
version/veeam backup \& replication/11.0.1.1261-p20211123
version/veeam backup \& replication/11.0.1.1261-p20211211
version/veeam backup \& replication/11.0.1.1261-p20220302
canonical/veeam veeam backup \& replication
version/veeam veeam backup \& replication/10.0.0.4442
version/veeam veeam backup \& replication/11.0.0.825
version/veeam veeam backup \& replication/9.5.0.1536
version/veeam veeam backup \& replication/9.5.4.2615
version/veeam veeam backup \& replication/10.0.1.4854
version/veeam veeam backup \& replication/10.0.1.4854-p20201202
version/veeam veeam backup \& replication/10.0.1.4854-p20210609
version/veeam veeam backup \& replication/10.0.1.4854-p20220304
version/veeam veeam backup \& replication/11.0.1.1261
version/veeam veeam backup \& replication/11.0.1.1261-p20211123
version/veeam veeam backup \& replication/11.0.1.1261-p20211211
version/veeam veeam backup \& replication/11.0.1.1261-p20220302