Hello SPs,
Please note that Veeam released version 12.1.2 of VBR yesterday. It has many new features and tons of fixes, and it even covers some CVEs, some of which are critical, so you should patch when you can.
Find the update here - KB4510: Release Information for Veeam Backup & Replication 12.1 and Updates
Here are the CVEs mentioned, mainly for VEM and one for VAW:
Veeam Backup Enterprise Manager (VBEM)
- CVE-2024-29849 | Severity: Critical (9.8)
This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.
- CVE-2024-29850 | Severity: High (8.8)
This vulnerability in Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
- CVE-2024-29851 | Severity: High (7.2)
This vulnerability in Veeam Backup Enterprise Manager allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account.
- CVE-2024-29852 | Severity: Low (2.7)
This vulnerability in Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Veeam Agent for Windows (VAW)
- CVE-2024-29853 | Severity: High (7.8)
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.