CVE-2024-29849

Published: 22/05/2024 Updated: 24/05/2024

Vulnerability Summary

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to the Enterprise Manager web interface.

Github Repositories

Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)

By Sina Kheirkhah (@SinSinology) of SummoningTeam (@SummoningTeam). Technical Analysis: A root cause analysis of the vulnerability can be found on my blog

Recent Articles

Exploit for critical Veeam auth bypass available, patch now
BleepingComputer • Bill Toulas • 10 Jun 2024

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform...

Veeam warns of critical Backup Enterprise Manager auth bypass bug
BleepingComputer • Sergiu Gatlan • 21 May 2024

Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console. It helps control backup jobs and perform restoration operations ...

Veeam says critical flaw can't be abused to trash backups
The Register

It's still a rough one, so patch up

Veeam says the recent critical vulnerability in its Backup Enterprise Manager (VBEM) can't be used by cybercriminals to delete an organization's backups. Rated 9.8 out of a possible 10, exploiting CVE-2024-29849 could allow attackers the chance to log into the VBEM web interface without the need for authentication. The flaw would allow attackers to log in as any user, but Veeam's security advisory didn't detail the vulnerability in any great depth, opening up questions about the potential impact...