Veeam warns of critical Backup Enterprise Manager auth bypass bug (Security News, May 2024)
VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console.
It's important to note that VBEM isn't enabled by default, and not all environments are susceptible to attacks exploiting the CVE-2024-29849 vulnerability, which Veeam has rated with a CVSS base score of 9.8/10. "This vulnerability in Veeam Backup Enterprise Manager allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user," the company explains.
If not currently in use, Veeam Backup Enterprise Manager can also be uninstalled using these instructions to remove the attack vector.
Today, Veeam also patched two high-severity VBEM vulnerabilities, one that allows account takeover via NTLM relay and a second one that enables high-privileged users to steal the Veeam Backup Enterprise Manager service account's NTLM hash if it's not configured to run as the default Local System account.
In March 2023, Veeam patched a high-severity vulnerability in the Backup & Replication software that could be exploited to breach backup infrastructure hosts.
Related news
- Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (source)
- Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) (source)
- Veeam says critical flaw can't be abused to trash backups (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) (source)
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-22 | CVE-2024-29849 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | 0.0 |