Featured Story
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and ONE.
The most severe of the problems addressed is CVE-2024-40711, a critical (CVSS v3.1) vulnerability in Backup & Replication (VBR) that can be exploited without authentication.
VBR is used to manage and secure backup infrastructure for enterprises, so it plays a critical role in data protection. As it can serve as a pivot point for lateral movement, it is considered a high-value target for ransomware operators.
The vulnerabilities in this article are fixed in the following versions:
- Veeam Backup & Replication 12.2 (build 12.2.0.334)
- Veeam Agent for Linux 6.2 (build 6.2.0.101)
- Veeam ONE v12.2 (build 12.2.0.4093)
- Veeam Service Provider Console v8.1 (build 8.1.0.21377)
- Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299
Other Stories
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
CVE-2024-45195 (CVSS 7.5) in Apache OFBiz could allow unauthenticated remote code execution. The vulnerability affects all versions before 18.12.16.
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
CVE-2024-44000 affects LiteSpeed Cache ≤6.4.1, allowing account takeover by unauthenticated users. Fixed in version 6.5.0.1.
WARNING: Progress Patched 3 SQL Injection Vulnerabilities in WhatsUp Gold
Version 2024.0.0 of WhatsUp Gold patches CVE-2024-6670, CVE-2024-6671 (unauthenticated credential theft), and CVE-2024-6672 (privilege escalation).
Contact the Approach Cyber SOC team for tailored support and training programs.