CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 94.5%

This article describes all security-related fixes and improvements introduced in each release or update of Veeam Backup & Replication.
The goal of this article is to provide our customers’ security and compliance teams with detailed information on security improvements between releases, in order to help them make an informed decision on whether it is critical to upgrade from their current Veeam Backup & Replication version to a later one.
PuTTY was updated to version 0.81.
VMware Virtual Disk Development Kit (VDDK) was updated to 7.0.3.4 to address CVE-2023-38545.
Microsoft .NET 6.0.25 was updated to 6.0.29.
Microsoft WebView2 was updated to 123.0.2420.81.
PostgreSQL installer was updated to 15.6.1.
Curl was updated to 8.5.
Vulnerability CVE-2024-29849 in Veeam Backup Enterprise Manager was fixed.
Vulnerability CVE-2024-29850 in Veeam Backup Enterprise Manager was fixed.
Vulnerability CVE-2024-29851 in Veeam Backup Enterprise Manager was fixed.
Vulnerability CVE-2024-29852 in Veeam Backup Enterprise Manager was fixed.
Vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Distribution Service were fixed.
These vulnerabilities were reported by Nikita Petrov (Positive Technologies).
Vulnerability (CVE-2022-26504) in Veeam.Backup.PSManager was fixed.
Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows was fixed.
_This vulnerability was reported by Nikita Petrov (Positive Technologies)._
.NET remoting communication security has been improved.
Data Mover communication protocol security has been improved.
Agent Management architecture security has been improved.
Veeam Explorers integration security has been improved.
Veeam Backup Enterprise Manager Web App configuration and headers security has been improved.
Addressed issues that could cause sensitive information to be logged in certain circumstances.
Third-party libraries in FLR and SureBackup helper appliance have been updated to current versions.
Sustainsys.Saml2 has been updated to version 2.7 to address known vulnerabilities.
LZ4 compression library has been updated to version 1.9.2.
Vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Distribution Service were fixed.
These vulnerabilities were reported by Nikita Petrov (Positive Technologies).
Vulnerability (CVE-2022-26504) in Veeam.Backup.PSManager was fixed.
Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows was fixed.
_This vulnerability was reported by Nikita Petrov (Positive Technologies)._
As we’re establishing this new process, we appreciate any feedback on the content or format of this KB article. Please let us know in the corresponding topic on the Veeam Community Forums. If your feedback is too sensitive to be shared publicly, please submit it by opening a support case. We highly appreciate your collaboration!
Vendor | Product | Version | CPE |
---|---|---|---|
veeam | veeam_backup_\&_replication | 12.2 | cpe:2.3:a:veeam:veeam_backup_\&_replication:12.2:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 12.1 | cpe:2.3:a:veeam:veeam_backup_\&_replication:12.1:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 12 | cpe:2.3:a:veeam:veeam_backup_\&_replication:12:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 11 | cpe:2.3:a:veeam:veeam_backup_\&_replication:11:*:*:*:*:*:*:* |
veeam | veeam_backup_\&_replication | 10 | cpe:2.3:a:veeam:veeam_backup_\&_replication:10:*:*:*:*:*:*:* |
veeam | veeam_backup_for_google_cloud | 12 | cpe:2.3:a:veeam:veeam_backup_for_google_cloud:12:*:*:*:*:*:*:* |
veeam | veeam_backup_for_google_cloud | 11 | cpe:2.3:a:veeam:veeam_backup_for_google_cloud:11:*:*:*:*:*:*:* |
veeam | veeam_backup_for_google_cloud | 10 | cpe:2.3:a:veeam:veeam_backup_for_google_cloud:10:*:*:*:*:*:*:* |