Veeam Service Provider Console: Critical vulnerability threatens client backups
Veeam's Backend-as-a-Service and Disaster Recovery-as-a-Service platform Service Provider Console is vulnerable.
With Veeam Service Provider Console (VSPC), admins can check the integrity of customer backups, among other things. However, two security vulnerabilities put the software at risk. The developers have now released a patched version.
Systems can be compromised
A warning message states that, in both cases, attackers must be authenticated to access the management agent. If this requirement is met, they can execute malicious code (CVE-2024-42448, "critical") or access NTLM hashes (CVE-2024-42449, "high").
According to the developers, these security issues have been resolved in VSPC version 8.1.0.21999. All previous editions of the 8 and 7 version lines are at risk. Veeam states that versions that are no longer in support may also be affected. However, they have not tested this. The software manufacturer recommends an upgrade for security reasons.
At the beginning of November this year, Veeam warned of security vulnerabilities in Backup Enterprise Manager.
(des)