Security News > 2024 > May > Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
2024-05-22 03:45
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as
News URL
https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html
Related news
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-22 | CVE-2024-29849 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | 0.0 |