What is the severity of CVE-2024-29849?

CVE-2024-29849 is a critical severity vulnerability affecting Veeam Backup Enterprise Manager.

How do I fix CVE-2024-29849?

To fix CVE-2024-29849, update Veeam Backup Enterprise Manager to the latest patched version released by Veeam.

Who is affected by CVE-2024-29849?

Any user of Veeam Backup Enterprise Manager is potentially affected due to the authentication bypass issue.

What kind of attack can exploit CVE-2024-29849?

CVE-2024-29849 can be exploited by unauthenticated users who gain unauthorized access to the Enterprise Manager web interface.

When was CVE-2024-29849 disclosed?

CVE-2024-29849 was disclosed publicly in May 2024.

Vulnerability/
CVE-2024-29849

critical

9.8

CWE

287

22/5/2024

19/9/2024

CVE-2024-29849

First published: Wed May 22 2024(Updated: )

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Veeam Backup Enterprise Manager

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-29849?
CVE-2024-29849 is a critical severity vulnerability affecting Veeam Backup Enterprise Manager.
How do I fix CVE-2024-29849?
To fix CVE-2024-29849, update Veeam Backup Enterprise Manager to the latest patched version released by Veeam.
Who is affected by CVE-2024-29849?
Any user of Veeam Backup Enterprise Manager is potentially affected due to the authentication bypass issue.
What kind of attack can exploit CVE-2024-29849?
CVE-2024-29849 can be exploited by unauthenticated users who gain unauthorized access to the Enterprise Manager web interface.
When was CVE-2024-29849 disclosed?
CVE-2024-29849 was disclosed publicly in May 2024.

collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-29849
alias/CVE-2024-29850
alias/CVE-2024-29851
alias/CVE-2023-27532
alias/CVE-2023-38547
alias/CVE-2023-38548
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
collector/the-register
source/The Register
alias/CVE-2024-29852
agent/references
agent/event
collector/nvd-api
source/NVD
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/tags
agent/softwarecombine
agent/trending
vendor/veeam
canonical/veeam backup enterprise manager

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.