Security News > 2024 > September > Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
2024-09-05 16:05
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1
News URL
https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Related news
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Major security audit of critical FreeBSD components now available (source)
- AlmaLinux 9.5 released: Security updates, new packages, and more! (source)
- Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 (source)
- Wireshark 4.4.2: Security updates, bug fixes, updated protocol support (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-42024 | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. | 0.0 |
| 2024-09-07 | CVE-2024-40711 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420 A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | 9.8 |