A vulnerability has been found that could allow an unauthenticated user to request encrypted credentials and potentially access your backup infrastructure hosts. It affects every version of the software.
Veeam has issued patches for V11 and V12 to combat this flaw. It’s important that you update your installations as soon as possible. The patches can be found at https://www.veeam.com/kb4424 as well as a guide for securing your system. Alternatively, if you’re utilizing an all-in-one Veeam appliance without remote infrastructure components, you should block external connections to port TCP 9401 in your backup server’s firewall as a temporary fix until the patch is installed.
If you would like assistance with patching your environment, please contact us.