CVE-2022-26500

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. Vendor/Product: Veeam Backup & Replication. Added to CISA KEV 2022-12-13; required action: Apply updates per vendor instructions.