Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands


Veeam has announced patches for a high-severity vulnerability in Backup Enterprise Manager that could be exploited remotely, without authentication. Tracked as CVE-2024-40715 (CVSS score of 7.7), the bug can be exploited by a remote attacker who performs a man-in-the-middle (MiTM) attack to bypass authentication. To address this flaw, Veeam has released a hotfix for Backup Enterprise Manager 12.2.0.334 and included the hotfix in repackaged images for Veeam Backup & Replication and Veeam Data Platform that were released on November 6. The hotfix requires the existing Veeam Backup Enterprise Manager deployment to be running 12.2.0.334. "You can check which version of Veeam Backup Enterprise Manager is installed by viewing the About section of the Configuration view," Veeam notes in its advisory.
