26 matches found
PT-2024-28796 · Veeam · Veeam Backup Enterprise Manager
Name of the Vulnerable Software and Affected Versions: Veeam Backup Enterprise Manager affected versions not specified Description: A vulnerability has been identified in Veeam Backup Enterprise Manager. Recommendations: At the moment, there is no information about a newer version that contains a...
Veeam Backup Enterprise Manager AuthorizeByVMwareSsoToken Improper Certificate Validation Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Veeam Backup Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of security tokens. The issue results from imprope...
The vulnerability in the Web Console Management Console of Veeam Backup Enterprise Manager allows a perpetrator to bypass authentication procedures.
The vulnerability of the Veeam Backup Enterprise Manager web management console relates to access to a channel from a non-endpoint location. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures...
CVE-2024-40715
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle MITM attack to exploit this vulnerability...
Vulnerabilities fixed in Veeam Backup Enterprise Manager
Veeam has fixed vulnerabilities in Backup Enterprise Manager. A malicious party could exploit the vulnerabilities to access user accounts active within Enterprise Manager without prior authentication to gain access to sensitive data within the context of the acquired account, and potentially...
CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface
On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager VBEM web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating ...
Exploit for Improper Authentication in Veeam Veeam_Backup_\&_Replication
CVE-2024-29849 Veeam Backup Enterprise Manager Authentication...
CVE-2024-29852
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs...
CVE-2024-29849
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface...
CVE-2024-29850
Veeam Backup Enterprise Manager allows account takeover via NTLM relay...
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 CVSS score: 9.8, the vulnerability could allow an...
Veeam Backup Enterprise Manager 安全漏洞
Veeam Backup Enterprise Manager is a centralized management and monitoring tool from Veeam USA. A security vulnerability exists in Veeam Backup Enterprise Manager that originates from allowing an elevated privilege user to steal NTLM hashes of service accounts...
PT-2024-23085
Name of the Vulnerable Software and Affected Versions Veeam Backup Enterprise Manager affected versions not specified Description The issue allows high-privileged users to read backup session logs. There is no information provided about the estimated number of potentially affected devices worldwi...
PT-2024-23084
Name of the Vulnerable Software and Affected Versions Veeam Backup Enterprise Manager affected versions not specified Description The issue allows account takeover via NTLM relay. There is no information provided about the estimated number of potentially affected devices worldwide or details abou...
PT-2024-3760
Name of the Vulnerable Software and Affected Versions Veeam Backup Enterprise Manager affected versions not specified Description Veeam Backup Enterprise Manager has a flaw that allows unauthenticated users to log in as any user to the enterprise manager web interface. The vulnerability resides i...
How to Collect Logs for Veeam Backup Enterprise Manager
Purpose This article documents how to collect logs from Veeam Backup Enterprise Manager. Solution Automated Log Collection 1. Connect to the Enterprise Manager Website 2. Click Configuration in the top-right corner. 3. In the Configuration section, on the left side, click About. 4. At the bottom ...
Unable to install Backup Enterprise Manager
Challenge Attempting to install Backup Enterprise Manager results in a 'fail' during port selection, with the specified HTTPS Port being unavailable. Cause The port is already consumed by the World Wide Web Publishing Service Solution Disable the World Wide Web Publishing Service, proceed with th...
Attempting to upgrade/install Backup Enterprise Manager to v9 – Error: “No such service found”
While attempting to upgrade/install Veeam Backup Enterprise Manager to v9 the error “No such service found” occurs. For this KB to be applicable the following errors must be found within the CatalogSe...
How to Force Enterprise Manager Login to Use Form-Based Authentication
Article Applicability This article applies to Veeam Backup & Replication 12.x and older, as in those versions, the default was for Veeam Backup Enterprise Manager to utilize a Windows Authentication pop-up key="useWindowsAuth" value="true". Starting in Veeam Backup Enterprise Manager v13, the...
Enterprise Manager: Failed to create website 0x80070020
Challenge Attempting to install/upgrade Veeam Backup Enterprise Manager fails with the following error: Failed to create website 0x80070020 Cause Local antivirus or antimalware software is interfering with the installation process. Solution Disable any local antivirus or antimalware software and...