There is a present IT safety alert for Veeam Backup Enterprise Manager. You can discover out what dangers are concerned, what merchandise are affected and what you are able to do right here.
Federal Office for Security in Information Technology (BSI) printed a safety advisory for Veeam Backup Enterprise Manager on May 21, 2024. The software program comprises a number of vulnerabilities that could possibly be exploited by attackers. The safety vulnerability impacts Linux and Windows working programs and the Veeam Backup Enterprise Manager product
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Veeam Backup Enterprise Manager Advisory (Stop: 21.05.2024).
Multiple Vulnerabilities Reported by Veeam Storage Business Manager – Vulnerability: High
Risk degree: 5 (excessive)
CVSS Base Score: 9.8
CVSS provisional rating: 8,5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc programs. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on varied metrics to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally keep in mind adjustments over time within the danger scenario. The danger of the vulnerability talked about right here is assessed as “excessive” in accordance with the CVSS with a base rating of 9.8.
Veeam Backup Enterprise Manager Bug: Vulnerabilities and CVE numbers
Veeam Backup Enterprise Manager is an non-compulsory web-based administration and reporting console for Veeam Backup & Replication.
A distant, unknown attacker might exploit a number of vulnerabilities in Veeam Backup Enterprise Manager to bypass safety measures, escalate privileges, or expose delicate info.
Vulnerabilities are numbered for every product utilizing the CVE (Common Vulnerabilities and Exposures) reference system. CVE-2024-29849, CVE-2024-29850, CVE-2024-29851 and CVE-2024-29852.
Systems affected by the safety hole at a look
Operating programs
Linux, Windows
Products
Veeam Backup Enterprise Manager
General steps for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically comprises extra details about the most recent model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly verify the desired sources to see if a brand new safety replace is offered.
Sources for updates, patches and workarounds
Here you will see some hyperlinks with details about bug studies, safety fixes and workarounds.
Veeam Backup Enterprise Manager Advisory vom 2024-05-21 (21.05.2024)
For extra info, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for Veeam Backup Enterprise administrator. This doc can be up to date as updates are introduced. You can examine adjustments or additions on this model historical past.
May 21, 2024 – First model
+++ Editorial observe: This doc is predicated on present BSI information and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de