A vulnerability has been found that could allow an unauthenticated user to request encrypted credentials and potentially access your backup infrastructure hosts. It affects every version of the software.
Veeam has issued patches for V11 and V12 to fix this flaw. It's important that you update your installations as soon as possible. The patches, along with a guide for securing your system, can be found at https://www.veeam.com/kb4424. Alternatively, if you're running an all-in-one Veeam appliance without remote infrastructure components, you can block external connections to TCP port 9401 in your backup server's firewall as a temporary fix until the patch is installed.
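One way to apply the temporary firewall workaround described above, as an added example that is not Veeam's own script. It assumes the backup server runs Windows with Windows Defender Firewall and an elevated PowerShell session; the rule name is a hypothetical label. It first checks for remote peers on the port, since the workaround only suits all-in-one installations.

```powershell
# Added example (not from Veeam). Run elevated on the backup server.
$Port     = 9401
$RuleName = 'TEMP - Block inbound TCP 9401 until Veeam patch'   # hypothetical name

# 1. Heuristic check: list peers connected to the port that are not this host.
#    Any hit suggests remote infrastructure components rely on the port,
#    in which case the workaround does not apply and patching is the fix.
$localAddrs  = @('127.0.0.1', '::1') + (Get-NetIPAddress).IPAddress
$remotePeers = Get-NetTCPConnection -LocalPort $Port -State Established `
                   -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin $localAddrs } |
    Select-Object -ExpandProperty RemoteAddress -Unique

if ($remotePeers) {
    Write-Warning "Remote hosts are connected to TCP ${Port}: $($remotePeers -join ', ')"
    Write-Warning 'Blocking the port may break these components. Install the patch instead.'
    return
}

# 2. Create the inbound block rule once. In Windows Defender Firewall a block
#    rule takes precedence over any existing allow rule for the same port.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
}

# 3. Confirm the rule exists and is enabled.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action

# 4. From a different machine, confirm the port is no longer reachable
#    (<backup-server> is a placeholder; TcpTestSucceeded should be False):
#    Test-NetConnection -ComputerName <backup-server> -Port 9401

# 5. After the patch is installed, remove the temporary rule:
#    Remove-NetFirewallRule -DisplayName $RuleName
```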
If you would like assistance with patching your environment, please contact us.
Jonah May is a Veeam Certified Engineer, a Veeam Certified Architect, and has been a Veeam Vanguard for three years. The Veeam Vanguard program recognizes top influencers in the Veeam community who have demonstrated exceptional expertise in Veeam products and solutions. Jonah's contributions to the Veeam community have been invaluable, and he has played a key role in shaping the future of the industry.