Nikita Petrov

**Name of the Vulnerable Software and Affected Versions** Veeam Service Provider Console versions prior to 8.1.0.21377 **Description** A vulnerability in Veeam Service Provider Console has been identified, which allows an attacker to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. This issue is related to insufficient protection of service data. The vulnerability can be exploited by sending specially crafted HTTP requests. It is estimated that over 2500 vulnerable systems are accessible from the internet, with the majority located in the USA and Turkey. Among the users of Veeam products are 74% of companies from the Forbes Global 2000 list, making this vulnerability particularly attractive to hackers. **Recommendations** For Veeam Service Provider Console versions prior to 8.1.0.21377, update to version 8.1.0.21377 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable service to minimize the risk of exploitation. Avoid using the vulnerable console until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GLPI versions 10.0.0 through 10.0.10 **Description** The issue is related to the incorrect neutralization of special elements used in SQL commands, which can allow a remote attacker to modify the logic of a database query by injecting arbitrary SQL operators. The GLPI inventory endpoint can be used to drive a SQL injection attack. **Recommendations** For versions 10.0.0 through 10.0.10, update to version 10.0.11 to resolve the issue. As a temporary workaround, consider disabling the native inventory endpoint until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GLPI versions 10.0.0 through 10.0.10 **Description** The issue is related to incorrect neutralization of special elements in output, which can allow a remote attacker to execute arbitrary code. The LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document on PHP 7.4 only. **Recommendations** For versions 10.0.0 through 10.0.10, update to version 10.0.11 to resolve the issue. As a temporary workaround, consider restricting access to the LDAP server configuration form until the update is applied. Avoid using the LDAP server configuration form to upload or execute arbitrary code until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Veeam Backup & Replication versions 10.x through 11.x **Description** The issue is related to incorrect access control in the Veeam Backup & Replication Distribution Service, which can be exploited by a remote attacker to execute arbitrary code by uploading specially crafted data through TCP port 9380. This is a remote code execution vulnerability. **Recommendations** For versions 10.x through 11.x, update to a version that includes the fix for the incorrect access control issue. As a temporary workaround, consider restricting access to TCP port 9380 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Veeam Backup & Replication versions 9.5U3 through 9.5U4, 10.x, and 11.x **Description** An improper limitation of path names allows remote authenticated users to access internal API functions. This access could allow attackers to upload and execute arbitrary code. The issue is related to the Distribution Service and involves deficiencies in access control. Exploitation occurs through the TCP port `9380`. The vulnerability allows attackers to upload specially crafted data. **Recommendations** Veeam Backup & Replication versions 9.5U3 through 9.5U4 should be updated. Veeam Backup & Replication 10.x should be updated. Veeam Backup & Replication 11.x should be updated.

**Name of the Vulnerable Software and Affected Versions** Veeam Agent for Windows versions 2.0 through 5.x **Description** The issue is related to the deserialization of untrusted data, which can be exploited by sending specially crafted data through TCP-port 9395. This allows local users to run arbitrary code with local system privileges. **Recommendations** For versions 2.0 through 5.x, consider disabling the deserialization mechanism until a patch is available. Restrict access to TCP-port 9395 to minimize the risk of exploitation. Avoid using untrusted data in the deserialization process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agentejo Cockpit versions prior to 0.11.2 **Description** The issue allows NoSQL injection via the `check` function in `Controller/Auth.php`. **Recommendations** For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `check` function in `Controller/Auth.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Agentejo Cockpit versions prior to 0.11.2 **Description** The issue allows NoSQL injection via the `newpassword` function in the `Controller/Auth.php` file. **Recommendations** For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `newpassword` function in the `Controller/Auth.php` file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Agentejo Cockpit versions prior to 0.11.2 **Description** The issue allows NoSQL injection via the `resetpassword` function in the `Controller/Auth.php` file. **Recommendations** For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `resetpassword` function in the `Controller/Auth.php` file until the update is applied.