CVE-2024-29849
Published 2024-05-22
Priority P275 · critical · CVSS 3.0 base score 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 16.67% (96.6th percentile)
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_replication | >= 11.0.1.1261 P20240304 < 11.0.1.1261 P20240304 | 11.0.1.1261 P20240304 |
| veeam | backup_replication | >= 12.1.2.172 < 12.1.2.172 | 12.1.2.172 |
| veeam | veeam_backup_replication | < 12.1.2.172 | 12.1.2.172 |
Detection & IOCs (extracted from sources)
- Monitor for inbound unauthenticated requests to TCP port 9398 (Veeam REST API) containing crafted VMware SSO tokens with attacker-controlled SSO service URLs in the XML payload.
- Detect outbound SOAP/HTTP requests from the Veeam Backup Enterprise Manager host to external or unexpected URLs, which may indicate the service is being redirected to an attacker-controlled validation server.
- Alert on successful logins to the VBEM web interface from untrusted or external IP addresses, especially those immediately followed by enumeration of file servers, which is used as proof-of-exploitation in the public PoC.
- The vulnerability exists in Veeam Backup Enterprise Manager (VBEM); patched in version 12.1.2.172. Instances not yet upgraded remain fully exploitable by unauthenticated remote attackers.
- A public proof-of-concept exploit is available, significantly lowering the bar for exploitation. No in-the-wild exploitation was confirmed at time of reporting, but this may change rapidly.
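The three detection ideas above, turned into a small event-scanning check; this is an added example, not code from the source page or from Veeam, and the event layout, host names, trusted networks and addresses are constructed assumptions.

```python
import re
import ipaddress
from urllib.parse import urlparse

# Assumed, constructed values (not from the advisory): the VBEM host, the
# trusted networks, and the hosts that legitimately serve SSO/vCenter traffic.
VBEM_HOSTS = {"10.0.0.5"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"sso.corp.example", "vcenter.corp.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def foreign_urls(text):
    """Return every URL in text whose host is not on the allowlist."""
    return [u for u in URL_RE.findall(text)
            if urlparse(u).hostname not in ALLOWED_HOSTS]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)

def check_event(ev):
    """Apply the three detections to one event; return the alerts raised."""
    alerts = []
    # 1. Inbound request to the REST API port (9398) whose XML body carries
    #    an SSO service URL pointing outside the allowlist.
    if ev.get("dir") == "in" and ev.get("dport") == 9398:
        for u in foreign_urls(ev.get("body", "")):
            alerts.append(f"inbound 9398 from {ev['src']}: unexpected SSO URL {u}")
    # 2. Outbound request from the VBEM host to a host not on the allowlist.
    if ev.get("dir") == "out" and ev["src"] in VBEM_HOSTS:
        for u in foreign_urls(ev.get("url", "")):
            alerts.append(f"VBEM host {ev['src']} called unexpected URL {u}")
    # 3. Successful web-interface login from outside the trusted networks.
    if ev.get("event") == "login_success" and is_external(ev["src"]):
        alerts.append(f"VBEM login as {ev['user']} from external {ev['src']}")
    return alerts

def scan(events):
    return [a for ev in events for a in check_event(ev)]

# Constructed sample events (field layout is an assumption, not real traffic).
SAMPLE_EVENTS = [
    {"dir": "in", "src": "10.0.1.20", "dport": 9398,
     "body": "<token><ServiceUrl>https://sso.corp.example/sts</ServiceUrl></token>"},
    {"dir": "in", "src": "203.0.113.10", "dport": 9398,
     "body": "<token><ServiceUrl>https://198.51.100.7/sts</ServiceUrl></token>"},
    {"dir": "out", "src": "10.0.0.5", "url": "https://198.51.100.7/sts"},
    {"dir": "out", "src": "10.0.0.5", "url": "https://vcenter.corp.example/sdk"},
    {"event": "login_success", "src": "203.0.113.10", "user": "administrator"},
]
```

Running `scan(SAMPLE_EVENTS)` raises one alert per detection for the constructed data; in practice the allowlists are what keep the outbound-URL check from being noisy.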
No detection rules found.
No public exploits indexed.
## Bleepingcomputer: Exploit for critical Veeam auth bypass available, patch now
blogs_bleepingcomputer · 2024-06-10 · CVSS 9.8 · CRITICAL
By Bill Toulas
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.
Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform restoration operations across an organization's backup infrastructure and large-scale deployments.
Veeam issued a security bulletin about the critical flaw on May 21, warning about a critical vulnerability enabling remote unauthenticated attackers to log in to VBEM's web interface as any user.
The vendor urged its customers
## Checkpoint: 27th May – Threat Intelligence Report
blogs_checkpoint · 2024-05-27 · indexed under CVE-2024-5274
For the latest discoveries in cyber research for the week of 20th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
A data breach has exposed 500GB of Indian biometric data, affecting Indian police, military personnel, and other public workers during elections in India. The leak stemmed from unsecured databases managed by ThoughtGreen Technologies and Timing Technologies, comprising sensitive information like fingerprints and facial scans. The
## Bleepingcomputer: Veeam warns of critical Backup Enterprise Manager auth bypass bug
blogs_bleepingcomputer · 2024-05-21 · CVSS 7.5 · HIGH
By Sergiu Gatlan
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM).
VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console. It helps control backup jobs and perform restoration operations across an organization's backup infrastructure and large-scale deployments.
It's important to note that VBEM isn't enabled by default, and not all environments are susceptible to attacks exploiting the CVE-2024-29849 vulnerability, which Veeam has rated with a CVSS base score of 9.8/10.
"This vulnerability in Veeam Backup Ent