Vulnerability in Veeam Backup Enterprise Manager (AL03/241107/CSIRT-ITA)

Some companies that have chosen us

Privacy Officer and Privacy Consultant

CDP Scheme according to ISO/IEC 17024:2012

European Privacy Auditor

ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012

Auditor

According to standard UNI 11697:2017

Lead Auditor ISO/IEC 27001:2022

According to standard ISO/IEC 17024:2012

Data Protection Officer

According to standard ISO/IEC 17024:2012

Anti-Bribery Lead Auditor Expert

According to standard ISO/IEC 17024:2012

ICT Security Manager

According to standard UNI 11506:2017

IT Service Management (ITSM)

According to the ITIL Foundation

Ethical Hacker (CEH)

According to the EC-Council

Network Defender (CND)

According to the EC-Council

Computer Hacking Forensics Investigator (CHFI)

According to the EC-Council

Penetration Testing Professional (CPENT)

According to the EC-Council

Professional qualifications

Select your topics of interest:

Privacy & Data Protection

Training & Knowledge

Audit & Certification

Governance & Awareness

Cyber & Intelligence

Legal & Compliance

E-mail*

CYBER ALERT

Home / CYBER ALERT

Vulnerability in Veeam Backup Enterprise Manager (AL03/241107/CSIRT-ITA)

Summary

Veeam has announced, through a security bulletin, the presence of a vulnerability with a severity of “high” in Backup Enterprise Manager.

Risk

Estimate of the impact of the vulnerability on the reference community: MEDIUM/YELLOW (63.71/100)¹.

Type

Authentication Bypass

Affected products and versions

Veeam

Backup Enterprise Manager, version 12.1.2.172 and earlier

Mitigation actions

In line with the vendor’s statements, it is recommended to update the vulnerable products following the indications of the security bulletin reported in the References section.

Unique Vulnerability Identifiers

CVE-2024-40715

References

https://www.veeam.com/kb4682

1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

10 March, 2025

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

10 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

7 March, 2025

Our services

LEGAL & COMPLIANCE

PRIVACY & DATA PROTECTION

CYBER & INTELLIGENCE

AUDIT & CERTIFICATION

GOVERNANCE & AWARENESS

TRAINING & KNOWLEDGE

Home

Some companies that have chosen us

Professional qualifications

Vulnerability in Veeam Backup Enterprise Manager (AL03/241107/CSIRT-ITA)

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

Adobe: Security Updates (AL03/250312/CSIRT-ITA

Joomla! Updates (AL04/250312/CSIRT-ITA)

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

Schneider Electric: Vulnerabilities discovered in various products (AL03/250311/CSIRT-ITA)

Siemens Product Updates (AL04/250311/CSIRT-ITA)

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

CISCO Product Updates (AL01/230112/CSIRT-ITA)

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

Search in 365TRUST

CYBER ALERT

Apple: 0-day detected in WebKit rendering engine...

Adobe: Security Updates (AL03/250312/CSIRT-ITA

Joomla! Updates (AL04/250312/CSIRT-ITA)

Our services

Home

Some companies that have chosen us

Professional qualifications

Stay up-to-date with world news!

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

Adobe: Security Updates (AL03/250312/CSIRT-ITA

Joomla! Updates (AL04/250312/CSIRT-ITA)

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

Schneider Electric: Vulnerabilities discovered in various products (AL03/250311/CSIRT-ITA)

Siemens Product Updates (AL04/250311/CSIRT-ITA)

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

CISCO Product Updates (AL01/230112/CSIRT-ITA)

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

Search in 365TRUST

CYBER ALERT

Apple: 0-day detected in WebKit rendering engine...

Adobe: Security Updates (AL03/250312/CSIRT-ITA

Joomla! Updates (AL04/250312/CSIRT-ITA)

Our services