A critical security vulnerability in Veeam Backup Enterprise Manager (CVE-2024-29849) was discovered, enabling attackers to bypass authentication, log in, and potentially gain unauthorized access to the web interface. This flaw poses a significant risk as it allows unauthenticated access, compromising the security of the Veeam Backup & Replication environments managed by the Enterprise Manager. The vendor has identified and addressed additional vulnerabilities (CVE-2024-29850, CVE-2024-29851) that could lead to account takeover through NTLM relay attacks and unauthorized access to NTLM hashes of service accounts
Immediate action is advised to mitigate the security risks associated with this critical authentication bypass bug. https://securityaffairs.com/163534/security/veeam-backup-enterprise-manager-cve-2024-29849.html