Veeam has released a fix for a critical vulnerability allowing unauthorized access to the Backup Enterprise Manager web console, along with two high-severity flaws, urging customers to update to version 12.1.2
172; the most severe vulnerability, CVE-2024-29849, has a CVSS score of 9.8, permitting an attacker to log in as any user, and for those unable to immediately update, recommendations include halting VBEM services; this follows previous attacks on Veeam systems and emphasizes the critical nature of keeping backup and replication software secure, especially regarding ransomware threats. https://www.scmagazine.com/news/veeam-patches-critical-flaw-that-puts-enterprise-backups-at-risk