Critical Vulnerabilities in Veeam Backup & Replication

06 September 2024 

On 04 September 2024, Veeam published several, in parts critical vulnerabilities related to their Veeam Backup & Replication data backup solution.

All Veeam Backup & Replication versions <= 12.1.2.172 are affected. The security gaps have been closed with the current version 12.2.0.334 of Veeam Backup & Replication.

For further details, please refer to KB4649: Veeam Security Bulletin (September 2024). The BSI (German Federal Office for Information Security) has listed the vulnerability under WID-SEC-2024-2058 and rates the overall threat with an CVSS score of 10.0.

List of closed vulnerabilities: CVE-2024-39718 CVE-2024-40710 CVE-2024-40712 CVE-2024-40713 CVE-2024-40714 CVE-2024-40711

We recommend that all users of VEEAM Backup & Replication update to the latest version as soon as possible. If you have further questions or require support, please contact our Customer Support.

VIVAVIS AG does not use the other Veeam products listed under KB4649.

RSS-Feed

Our RSS feed always keeps you up to date! This way, you’ll receive same-day notification when a new article has been posted to the IT Security Bulletin. Just enter the following link in your feed reader: https://www.vivavis.com/en/category/it-security-en/feed/

You can find out how to integrate the RSS feed into Outlook here.