Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

September 5, 2024 at 01:09PM Veeam has released security updates to fix 18 flaws, including 5 critical vulnerabilities allowing remote code execution in products such as Veeam Backup & Replication and Veeam ONE. The updates also address 13 other high-severity issues, and users are advised to update to the latest versions promptly to mitigate potential … Read more

Veeam warns of critical RCE flaw in Backup & Replication software

September 5, 2024 at 10:23AM Veeam has released a security bulletin addressing 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and ONE. The most severe is a remote code execution vulnerability on Veeam Backup & Replication, posing a high risk of ransomware exploitation. Multiple critical vulnerabilities have also been … Read more

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

June 13, 2024 at 01:25PM A proof-of-concept exploit for Veeam Recovery Orchestrator vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkha. The exploit allows unauthenticated access to the web UI with administrative privileges due to a hardcoded JWT secret. Veeam’s security bulletin suggests upgrading to patched versions and provides conditions required to … Read more