Security News > 2024 > September > Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
2024-09-05 16:05
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1
News URL
https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Related news
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Update Your iPhone Now to Fix Safari Security Flaw (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Windows 11 update breaks Veeam recovery, causes connection errors (source)
- ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware (source)
- Windows "inetpub" security fix can be abused to block future updates (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-42024 | Unspecified vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591 A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. | 8.8 |
| 2024-09-07 | CVE-2024-40711 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420 A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | 9.8 |