CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Intended audience for this update
The update on this page is provided as a courtesy to customers who wish to remain on Veeam Backup & Replication 10a for an extended time.
When possible, users are advised to upgrade to the latest version instead of deploying this patch.
This 10a release may only upgrade to 11a or higher.
The build of Veeam Backup & Replication 10a P20220304 listed in this article is only compatible with upgrading to Veeam Backup & Replication11_a_ (11.0.1.1261) or higher.
Any attempt to upgrade to v11 (11.0.0.837) will fail.
Before installing this Cumulative Patch using the Patch Installer, please confirm that you are running Veeam Backup & Replication 10_a_ (builds 10.0.1.4854, 10.0.1.4854 P20201202, or 10.0.1.4854 P20210609).****You can check the build number underHelp | Aboutin the backup console. After the upgrade, your build number will be10.0.1.4854 P20220304.
If you are running any Veeam Backup & Replication version between 9.5 U3 (9.5.0.1536) and 10 (10.0.0.4461 P2), you must use the ISO below to upgrade to version 10a P20220304.
Veeam Cloud Connect tenants: ensure that your service provider uses version 11 P20210507 or later for their Cloud Connect infrastructure before deploying this patch.
**Veeam Cloud Connect service providers:**this patch cannot be deployed on the Cloud Connect infrastructure servers running version 10a. Please upgrade directly to version 11 instead.
Vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Distribution Service were fixed.
These vulnerabilities were reported by Nikita Petrov (Positive Technologies).
Vulnerability (CVE-2022-26504) in Veeam.Backup.PSManager was fixed.
Vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows was fixed.
This vulnerability was reported by Nikita Petrov (Positive Technologies).
This v10a update prevents updating to v11
Installation of the patch on this page (P20220304
) will prevent upgrading to version 11 and will only be compatible with an upgrade to version** 11_a_**.
If version 10_a_ is already installed, update to Cumulative Patch P20220304 using the following patch installer:
MD5:64f1cc8f3b6ce46a5bbd9f2b16cc5810
SHA-1:ae58874b16c120fa54d79fd559cd0596e7f0e417
For new installations and upgrades from previous versions, use the following ISO, which has the most recent Cumulative Patch built-in:
MD5: 5c8901cb798f5473bc189d08eb0c72c0
SHA1: 4810681af5ce592608a7fae5c296419f599f7042
Reboot may be required
Please note that a reboot may be required after installing the update.
Please plan accordingly.
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Vendor | Product | Version | CPE |
---|---|---|---|
veeam | veeam_backup_\&_replication | 10 | cpe:2.3:a:veeam:veeam_backup_\&_replication:10:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High