CVE-2022-26500: Veeam Backup & Replication Remote Code Execution
Veeam Backup & Replication Remote Code Execution Vulnerability. The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
- CISA KEV-listed (remediation due 2023-01-03)
- used in ransomware campaigns
- EPSS 19.0% (95.5% percentile)