Access Control: Veeam Backup & Replication - Unauthenticated¶
Identifier:
cve_2024_40711
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Veeam Backup & Replication contains a deserialization of untrusted data vulnerability that can allow unauthenticated remote code execution when malicious payloads are processed.
How we test: We test for unsafe deserialization vulnerabilities in Veeam Backup & Replication by sending malicious deserialization payloads without authentication and analyzing responses to detect if remote code execution is possible.
Reference:
- https://x.com/codewhitesec/status/1831720125747069389?s=46
- https://www.veeam.com/kb4649
- https://nvd.nist.gov/vuln/detail/CVE-2024-40711
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.