Article Details

Scrape Timestamp (UTC): 2024-05-22 03:54:31.290

Source: https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html

Original Article Text

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections.

Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.

The company has also disclosed three other shortcomings impacting the same product.

All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam Backup Enterprise Manager is optional and that environments that do not have it installed are not impacted by the flaws.

In recent weeks, the company has also resolved a local privilege escalation flaw affecting the Veeam Agent for Windows (CVE-2024-29853, CVSS score: 7.2) and a critical remote code execution bug impacting Veeam Service Provider Console (CVE-2024-29212, CVSS score: 9.9).

Daily Brief Summary

CYBERCRIME // Critical Authentication Flaw Fixed in Veeam Backup Enterprise Manager

A critical vulnerability in Veeam Backup Enterprise Manager allows authentication bypass.

Tracked as CVE-2024-29849 with a CVSS score of 9.8, it enables unauthorized login as any user.

Veeam has issued a fix in version 12.1.2.172, along with patches for three other related issues.

Affected product is optional; environments without it installed remain unaffected.

Additional fixes include a local privilege escalation in Veeam Agent for Windows and a critical remote code execution in Veeam Service Provider Console.

Users are advised to update their software to mitigate potential cybersecurity risks.