Improper Authentication in Veeam Backup for Google Cloud by Veeam
CVE-2022-43549

9.8CRITICAL

Key Information:

Vendor: Veeam
Status: Veeam Backup For Google Cloud
Vendor: CVE Published:; 5 December 2022

Summary

Veeam Backup for Google Cloud is susceptible to an improper authentication vulnerability that enables attackers to circumvent authentication mechanisms, potentially leading to unauthorized access. This issue affects version 1.0 and version 3.0 of the product, emphasizing the importance of immediate remediation to protect sensitive data and ensure the integrity of backup processes.

Affected Version(s)

Veeam Backup for Google Cloud 1.0, 3.0

References

https://www.veeam.com/kb4374

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2022
Vulnerability Reserved
Oct 20, 2022