+1Hi
Just to inform that there is a vulnerability in the .NET core runtime.
This is installed for the Veeam AWS, Azure & Google plug-ins.
reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43877
updates: https://dotnet.microsoft.com/en-us/download/dotnet/3.1
Please update your Veeam servers.
Regards
+11This vulnerability was released on Dec 14, 2021. Is there a new one? https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-43007/Microsoft-.net-Core.html
+1This vulnerability was released on Dec 14, 2021. Is there a new one? https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-43007/Microsoft-.net-Core.html
No but didn’t found it mentioned..
+14Thanks for the hint
+13This one?
https://www.cvedetails.com/cve/CVE-2021-34485/
Has a very low score… but thanks for sharing! :)
+14Thank you for taking the time to share.
+1This one?
https://www.cvedetails.com/cve/CVE-2021-34485/
Has a very low score… but thanks for sharing! :)
This was the CVE I mentioned.
https://www.cvedetails.com/cve/CVE-2021-43877/
is a bit higher CVSS Score, but still low. (4.6)
+1Don’t know about other companies, but here everything .NET 3.1.x related was wiped from all server and only .NET 6.x is now allowed. .NET 3.1.x is EOL since 12/22, it was a LTS release released 3 years ago. New LTS releases 6.x and 8.x are available.
The dependency to .NET 3.1.x broke Veeam One Reporter and VB4Azure plugin. And even worse, Veeam One 12 still has the dependency to 3.1.x.
This really leaves me wondering how this could either be missed or why it was silently be accepted be Veeam.
+11Don’t know about other companies, but here everything .NET 3.1.x related was wiped from all server and only .NET 6.x is now allowed. .NET 3.1.x is EOL since 12/22, it was a LTS release released 3 years ago. New LTS releases 6.x and 8.x are available.
The dependency to .NET 3.1.x broke Veeam One Reporter and VB4Azure plugin. And even worse, Veeam One 12 still has the dependency to 3.1.x.
This really leaves me wondering how this could either be missed or why it was silently be accepted be Veeam.
I actually had this concern from my comment on this post. Kindly take a look at
+1I know how to update to latest 3.1.x. This does not help as 3.1.x is simply EOL and considered evil.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
