Severity Level: High
Title:
Vulnerability in Veeam Backup Enterprise Manager
Summary:
Vulnerability Details:
• CVE-2024-40715
• Severity: High
• CVSS v3.1 Score: 7.7
• The vulnerability allows an attacker performing a Man-in-the-Middle (MITM) attack to bypass authentication in Veeam Backup Enterprise Manager. This could potentially lead to unauthorized access to sensitive backup data and configurations.
• Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to backup data, modify backup configurations, and compromise the integrity of backup systems.
Affected Products:
• Veeam Backup Enterprise Manager (VBEM) version 12.2.0.334 and earlier
Mitigation:
• For Veeam Backup Enterprise Manager 12.2.0.334: apply the hotfix provided in Veeam KB4682
• For Veeam Backup Enterprise Manager 12.1.2.172 or older: upgrade to version 12.2.0.334 using the latest Veeam Backup & Replication ISO
Recommendations:
• Apply the mitigation or workaround provided by Veeam.