Veeam reveals critical security bug in Backup Enterprise Manager tool

A patch is already available, so download now


Veeam has discovered, and fixed, a critical-severity vulnerability in its Veeam Backup Enterprise Manager (VBEM) tool.

The vulnerability, tracked as CVE-2024-29849 (via BleepingComputer), is described as an authentication bypass flaw, allowing pretty much anyone to sign into any account on the platform. It carries a severity score of 9.8, deeming it “critical”.

VBEM is a centralized management and monitoring tool for Veeam Backup & Replication environments. It is designed for large-scale, or enterprise-level deployments, and provides a unified interface where admins can manage, monitor, and control backup operations across multiple Veeam Backup & Replication servers.

Patching more flaws


It’s also worth mentioning that VBEM is not turned on by default, and not all companies using it are vulnerable. Still, everyone is advised to apply the patch as soon as possible.

Those that cannot do that immediately are advised to disable the VeeamEnterpriseManagerSvc and VeeamRESTSvc services. Completely uninstalling Veeam Backup Enterprise Manager is also a viable option. More details can be found on the relevant help page on the company’s website.

The first version unaffected by the bug is VBEM 12.1.2.172, as confirmed by the company.
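The interim mitigation above (disable the two VBEM services until the 12.1.2.172 build is installed) can be audited and applied from an elevated PowerShell session. This is an added example, not code from Veeam or from the article; it assumes the service executable's file version tracks the VBEM build and that the service's registered path follows the usual quoted-path form.

```powershell
# Added example (not Veeam's own tooling): audit the two VBEM services named in the
# advisory and, with -Disable, stop and disable them on hosts still below the fixed build.
param(
    [switch]$Disable
)

$FixedVersion = [version]'12.1.2.172'   # first unaffected build per the advisory
$Services     = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')

foreach ($name in $Services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "$name : not installed"
        continue
    }

    # Resolve the executable from the service definition (assumption: quoted path, optional args)
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    $exe = ($cim.PathName -replace '^"([^"]+)".*$', '$1') -replace '\s+-.*$', ''

    $ver = $null
    if (Test-Path -LiteralPath $exe) {
        # Assumption: the binary's file version reflects the installed VBEM build
        try { $ver = [version](Get-Item -LiteralPath $exe).VersionInfo.FileVersion } catch { $ver = $null }
    }

    $line = "$name : status=$($svc.Status) startType=$($svc.StartType) version=$ver"
    $vulnerable = ($ver -and $ver -lt $FixedVersion)
    if ($vulnerable) { $line += '  <-- below 12.1.2.172, apply the patch' }
    Write-Output $line

    if ($Disable -and $vulnerable) {
        # Interim mitigation from the advisory: stop and disable until the host is patched
        Stop-Service -Name $name -Force -ErrorAction Stop
        Set-Service  -Name $name -StartupType Disabled
        Write-Output "$name : stopped and disabled"
    }
}
```

Run without `-Disable` first to see each service's state and detected build; re-enable the services with `Set-Service -StartupType Automatic` once the patched build is installed.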

In its latest security advisory, Veeam also said it patched two additional VBEM flaws, one which allowed for account takeover via NTLM relay (tracked as CVE-2024-29850), and one that enables high-privileged users to steal the Veeam Backup Enterprise Manager service account’s NTLM hash (in scenarios where it’s not configured to run as the default Local System account). This one’s tracked as CVE-2024-29851.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
