Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
Exploit for critical Veeam auth bypass available, patch now By Bill Toulas June 10, 2024 11:05 AM 0 A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform...
Veeam warns of critical Backup Enterprise Manager auth bypass bug By Sergiu Gatlan May 21, 2024 06:24 PM 0 Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console. It helps control backup jobs and perform restoration operations ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources It's still a rough one, so patch up
Veeam says the recent critical vulnerability in its Backup Enterprise Manager (VBEM) can't be used by cybercriminals to delete an organization's backups. Rated 9.8 out of a possible 10, exploiting CVE-2024-29849 could allow attackers the chance to log into the VBEM web interface without the need for authentication. The flaw would allow attackers to log in as any user, but Veeam's security advisory didn't detail the vulnerability in any great depth, opening up questions about the potential impact...
Vulmon