Tag
Vulnerability in Veeam Backup & Replication Allowing Remote Code Execution (CVE-2026-44963)
3 rules 2 TTPs 1 CVE 2 IOCsA critical remote code execution vulnerability, tracked as CVE-2026-44963, has been discovered in Veeam Backup & Replication versions prior to 12.3.2.4854, which could allow an unauthenticated attacker to execute arbitrary code on affected systems, leading to full compromise of the backup infrastructure and potential data exfiltration or destruction.
Multiple Vulnerabilities in Veeam Products Allow Remote Code Execution
2 rules 1 TTP 1 CVEMultiple vulnerabilities in Veeam ONE and Service Provider Console allow remote code execution (CVE-2026-32998) and an unspecified security issue, potentially leading to complete system compromise.
Multiple Critical Vulnerabilities in Veeam Backup & Replication Allow Remote Code Execution
2 rules 3 TTPsMultiple critical vulnerabilities in Veeam Backup & Replication, including CVE-2026-21666, CVE-2026-21668, CVE-2026-21669, CVE-2026-21670, CVE-2026-21671, CVE-2026-21672, and CVE-2026-21708, allow for remote code execution, privilege escalation, and arbitrary file manipulation by authenticated users, potentially leading to a complete compromise of the backup infrastructure.
Potential Veeam Credential Access via SQL Commands
2 rules 5 TTPsAttackers can leverage sqlcmd.exe or PowerShell commands like Invoke-Sqlcmd to access Veeam credentials stored in MSSQL databases, potentially targeting backups for destructive operations such as ransomware attacks.
Veeam Backup Library Loaded by Unusual Process
2 rules 3 TTPsDetects potential credential decryption operations by PowerShell or unsigned processes using the Veeam.Backup.Common.dll library, indicating potential credential access attempts to target backups as part of destructive operations.