COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-26500

CVE-2022-26500

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-12-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-26500
⚡ RCE ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wild

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Players implicated

Veeam · vendorBackup & Replication · product

Description

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.