Patch now! Critical vulnerability in Veeam’s Backup Enterprise Manager

Veeam has issued an advisory about several vulnerabilities in its Backup Enterprise Manager (VBEM).

Veeam has published an advisory about a critical vulnerability (with a CVSS score of 9.8 out of 10) in its Backup Enterprise Manager (VBEM) that allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.

VBEM is a web-based platform that enables administrators to manage Veeam Backup and Replication installations via a web console.

Deploying VBEM is optional, so not all environments will have it installed. If VBEM is not deployed in your environment, you are not at risk from the vulnerabilities covered in this update.

An attacker with access to, and control over, your backups could seriously disrupt your backup plan and leave you at their mercy when it comes to file recovery. Ransomware gangs are known to target backups and could potentially use a vulnerability like this to destroy your backups, or as leverage to extract a ransom.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The critical vulnerability Veeam warned about is listed as CVE-2024-29849. Other vulnerabilities covered in the same patch are:

  • CVE-2024-29850 (CVSS score 8.8 out of 10): A vulnerability in Veeam Backup Enterprise Manager which allows account takeover via NTLM relay.
  • CVE-2024-29851 (CVSS score 7.2 out of 10): A vulnerability in Veeam Backup Enterprise Manager which allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that service account is anything other than the default Local System account.
  • CVE-2024-29852 (CVSS score 2.7 out of 10): A vulnerability in Veeam Backup Enterprise Manager which allows high-privileged users to read backup session logs.

All these vulnerabilities were patched with the release of Backup Enterprise Manager version 12.1.2.172, which is packaged with Backup and Replication version 12.1.2 (build 12.1.2.172).

