A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
References
| Link | Resource |
|---|---|
| https://www.veeam.com/kb4649 | Vendor Advisory |
Configurations
History
17 Jun 2026, 07:46
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (es) Una serie de vulnerabilidades relacionadas de alta gravedad, la más notable de las cuales permite la ejecución remota de código (RCE) como cuenta de servicio y la extracción de información confidencial (credenciales y contraseñas guardadas). Para explotar estas vulnerabilidades se requiere un usuario al que se le haya asignado un rol con pocos privilegios dentro de Veeam Backup & Replication |
01 May 2025, 18:13
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Veeam veeam Backup \& Replication
Veeam |
|
| References | () https://www.veeam.com/kb4649 - Vendor Advisory | |
| CPE | cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:* |
09 Sep 2024, 17:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-522 |
09 Sep 2024, 13:03
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
07 Sep 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-09-07 17:15
Updated : 2026-06-17 07:46
NVD link : CVE-2024-40710
Mitre link : CVE-2024-40710
CVE.ORG link : CVE-2024-40710
JSON object : View
Products Affected
veeam
- veeam_backup_\&_replication
CWE
CWE-522
Insufficiently Protected Credentials