Security News > 2024 > May > Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
2024-05-22 03:45
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as
News URL
https://thehackernews.com/2024/05/critical-veeam-backup-enterprise.html
Related news
- Veeam warns of critical Backup Enterprise Manager auth bypass bug (source)
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) (source)
- Veeam says critical flaw can't be abused to trash backups (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) (source)
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-22 | CVE-2024-29849 | Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | 0.0 |