CVE-2022-26501

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions 10.x through 11.x

Description The issue is related to incorrect access control in the Veeam Backup & Replication Distribution Service, which can be exploited by a remote attacker to execute arbitrary code by uploading specially crafted data through TCP port 9380. This is a remote code execution vulnerability.

Recommendations For versions 10.x through 11.x, update to a version that includes the fix for the incorrect access control issue. As a temporary workaround, consider restricting access to TCP port 9380 to minimize the risk of exploitation.