Veeam Patches Critical Vulnerabilities in Enterprise Products

September 6, 2024 at 08:00AM

Veeam announced patches for critical-severity bugs this week, impacting its enterprise products. The vulnerabilities could lead to remote code execution and sensitive information disclosure. The flaws affect various Veeam solutions including Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and other plugins. Users are advised to update installations promptly.

The main takeaways are:

1. Veeam announced patches for multiple vulnerabilities in its enterprise products, including critical-severity bugs that could lead to remote code execution (RCE).
2. The vulnerabilities impacted various Veeam products such as Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and various Veeam Backup plug-ins.
3. These vulnerabilities include critical-severity issues that could be exploited remotely without authentication, leading to arbitrary code execution, as well as high-severity flaws that could result in sensitive information disclosure, modification of multi-factor authentication settings, file removal, interception of sensitive credentials, and local privilege escalation, among others.
4. All these vulnerabilities were resolved with the release of specific updated versions of the impacted products.
5. Users are advised to update their installations as soon as possible, as threat actors are known to have exploited vulnerable Veeam products in attacks, although Veeam makes no mention of any specific vulnerabilities being exploited in the wild.
