Query Veeam Vulnerabilities


Userlevel 7
Badge +6
  • Veeam Legend, Veeam Vanguard
  • 771 comments

Hi Community!

Does anybody know, if is possible to query current Vulnerabilities in Veeam software? It should be possible to query the data automatically with APIs like Rest, XML, ... What I mean is something like VMware offers here: (RSS Feed)

https://www.vmware.com/security/advisories.html

I found already this:

https://www.cvedetails.com/vulnerability-list/vendor_id-15994/Veeam.html

But this seems not to be that current.

Maybe @Rick Vanover or @Kseniya, do you have this information?


14 comments

Userlevel 7
Badge +3

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Userlevel 7
Badge +6

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Thanks @regnor ! This could work for VBR and Cloud Connect. But I am looking for something more general, with more structured information.

Userlevel 7
Badge +3

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Maybe it’s just me; however, it is a bit unclear how to find the RSS feed for the page?

Userlevel 7
Badge +3

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Thanks @regnor ! This could work for VBR and Cloud Connect. But I am looking for something more general, with more structured information.


I fear there is no better source as this KB was created because of requests in the R&D forums. I’ve looked it up and here’s the post from Anton (there’s also a KB for the agents): https://forums.veeam.com/post362001.html#p362001

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Maybe it’s just me; however, it is a bit unclear how to find the RSS feed for the page?

I only found out about the RSS possibility because of the post from @jorge.delacruz. But you can only subscribe to the knowledge base, not to certain articles I think.

 

 

Userlevel 7
Badge +4

I have set a notification on some of these KBs with Visualping to get a mail if there is a change on the site.

 

This is not exactly what you are looking for, but it is good to recognize there is something new...

Userlevel 7
Badge +6

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Thanks @regnor ! This could work for VBR and Cloud Connect. But I am looking for something more general, with more structured information.


I fear there is no better source as this KB was created because of requests in the R&D forums. I’ve looked it up and here’s the post from Anton (there’s also a KB for the agents): https://forums.veeam.com/post362001.html#p362001

There’s a KB article for VBR: https://www.veeam.com/kb3103

If you subscribe to the KB itself via RSS, then you should also receive a notification if this article gets updates, or am I wrong?

Maybe it’s just me; however, it is a bit unclear how to find the RSS feed for the page?

I only found out about the RSS possibility because of the post from @jorge.delacruz. But you can only subscribe to the knowledge base, not to certain articles I think.

 

 

Thanks, but I am afraid this isn’t what I am looking for.

Userlevel 7
Badge +6

I have set a notification on some of these KBs with Visualping to get a mail if there is a change on the site.

 

Thanks Joe! Already thought about this option. But I am afraid it is too error-prone to read out the information out of the output.

Userlevel 7
Badge +1

@vNote42 we don’t have something directly equivalent as the VMware page. I’m going to send this to the security team and see if A) we already have something like this existing or B) do we have it planned.

 

Will revert!

Userlevel 7
Badge +6

@vNote42 we don’t have something directly equivalent as the VMware page. I’m going to send this to the security team and see if A) we already have something like this existing or B) do we have it planned.

 

Will revert!

@Rick Vanover  thank you for your efforts!

Userlevel 7
Badge +1

@vNote42 we don’t have something directly equivalent as the VMware page. I’m going to send this to the security team and see if A) we already have something like this existing or B) do we have it planned.

 

Will revert!

@Rick Vanover  thank you for your efforts!

No, thank you Wolfgang. I think the page you reference is a great resource, I have sent it over to the security team.

Userlevel 7
Badge +5

Interesting topic indeed.  If there is something eventually I will pass it to our Security team as well.

Userlevel 7
Badge

For current active vulnerabilities (after authorization from customer), you can use software like Nessus, Qualys or Openvas for third party cve. But this is another IT field, like pentest and vulnscan :)

Userlevel 7
Badge +1

Got an update here on this everyone.  I can confirm this is an initiative underway as we speak. We'll share it here and other vehicles when the mechanism is in place. 

This would be a great secret to share in the weekly recap when it is live @vNote42 and others - as we’ll beat Anton to the news that comes in the Sunday digest. Friday for the win!

Userlevel 7
Badge +5

Got an update here on this everyone.  I can confirm this is an initiative underway as we speak. We'll share it here and other vehicles when the mechanism is in place. 

This would be a great secret to share in the weekly recap when it is live @vNote42 and others - as we’ll beat Anton to the news that comes in the Sunday digest. Friday for the win!

Thanks for the update Rick! Very brave going against the WORD from Gostev!

Comment