Veeam says critical flaw can’t be abused to trash backups

May 23, 2024 at 10:41AM Veeam addressed a critical vulnerability in its Backup Enterprise Manager, CVE-2024-29849, which could allow unauthorized access to the VBEM web interface. Although attackers could log in as any user, Veeam confirmed that the flaw wouldn’t lead to backups being deleted due to the immutable backups and authorization measures. Customers are … Read more

Critical Veeam Vulnerability Leads to Authentication Bypass

May 22, 2024 at 09:03AM Veeam released a Backup & Replication update addressing four vulnerabilities, including a critical Backup Enterprise Manager bug allowing unauthenticated access. The update also resolves high-severity issues related to NTLM relay attacks and stealing NTLM hash. Users are advised to update installations due to potential exploitation by threat actors. Based on … Read more

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

May 22, 2024 at 12:33AM Veeam Backup Enterprise Manager users are advised to update to version 12.1.2.172 due to a critical security flaw (CVE-2024-29849, CVSS 9.8) that allows unauthorized access. Three other vulnerabilities have been disclosed as well. Notably, environments without Veeam Backup Enterprise Manager are not affected. Other recent fixes include flaws in Veeam … Read more