Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

May 22, 2024 at 12:33AM

Veeam Backup Enterprise Manager users are advised to update to version 12.1.2.172 due to a critical security flaw (CVE-2024-29849, CVSS 9.8) that allows unauthorized access. Three other vulnerabilities have been disclosed as well. Notably, environments without Veeam Backup Enterprise Manager are not affected. Other recent fixes include flaws in Veeam Agent for Windows and Veeam Service Provider Console.

Key takeaways:

– Users of Veeam Backup Enterprise Manager are urged to update to version 12.1.2.172 due to the discovery of critical security flaws, including CVE-2024-29849, which allows unauthenticated access to the web interface.
– Other vulnerabilities impacting the same product have been disclosed, including CVE-2024-29850, CVE-2024-29851, and CVE-2024-29852, all of which have been addressed in the latest version.
– Deploying Veeam Backup Enterprise Manager is optional, and environments without it installed are not impacted by the flaws.
– The company has also resolved a local privilege escalation flaw affecting the Veeam Agent for Windows and a critical remote code execution bug impacting Veeam Service Provider Console.
