Security Alerts

Severity Level: High

Title: Vulnerability in Veeam Backup Enterprise Manager

Summary:

Vulnerability Details:

• CVE-2024-40715
  • Severity: High
  • CVSS v3.1 Score: 7.7
  • The vulnerability allows attackers to bypass authentication in Veeam Backup Enterprise Manager while performing a Man-in-the-Middle (MITM) attack. This could potentially lead to unauthorized access to sensitive backup data and configurations.
  • Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to backup data, modify backup configurations, and compromise the integrity of backup systems.

Affected Products:

• Veeam Backup Enterprise Manager (VBEM) version 12.2.0.334 and earlier

Mitigation:

• For Veeam Backup Enterprise Manager 12.2.0.334:
  • Apply the hotfix provided in Veeam KB4682

• For Veeam Backup Enterprise Manager 12.1.2.172 or older:
  • Upgrade to version 12.2.0.334 using the latest Veeam Backup & Replication ISO

Recommendations:

• Apply the mitigation or workaround provided by Veeam.
