The release version of Veeam ONE 12.2 is available on August 28th, 2024.
The vulnerabilities documented in these sections were fixed starting in the 12.2 build.
All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and affect Veeam ONE 12.1.0.3208 and all earlier version 12 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.
CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
This vulnerability was reported via HackerOne.
Severity: Critical
CVSS v3.1 Score: 9.1
CVE-2024-42019
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
Severity: Critical
CVSS v3.1 Score: 9.0
CVE-2024-42023
A vulnerability that allows low-privileged users to execute code with Administrator privileges remotely.
Severity: High
CVSS v3.1 Score: 8.8
CVE-2024-42021
A vulnerability that allows an attacker with valid access tokens to access saved credentials.
Severity: High
CVSS v3.1 Score: 7.5
CVE-2024-42022
A vulnerability that allows an attacker to modify product configuration files.
Severity: High
CVSS v3.1 Score: 7.5
CVE-2024-42020
A vulnerability in Reporter Widgets that allows HTML injection.
Severity: High
CVSS v3.1 Score: 7.3
The details are as link https://www.veeam.com/kb4649
1.Login to the Veeam ONE Server.
2.Sign in to your Veeam account and download the Veeam ONE software.
3.Mount the Veeam ONE v12.2 ISO image file.
4.Run Setup.exe.
5.On the User Account Control page, click Yes.
6.On the Veeam ONE 12.2 page, click Upgrade.
7.Select Upgrade Veeam One on the Veeam One page.
8.On the License Agreement page, select I accept.
9.Click Next on the Upgrade page.
10.There are two options to install the license. To use license file in my case.
11.Select Browse license file on the License page.
12.Select a valid license file for Veeam One v12.2 and click Open.
13.Click Next on the License page.
14.On the Service Account page, click Browse and select the user account as a service account.
Note:
The service account must have Local Administrator permissions on the machine where VeeamONE is installed.
15.Enter the password and click Next.
16.Click Next on the Database page.
17.Click Upgrade on the Ready to Upgrade page.
18.There are four steps to install Veeam ONE.
19.Click Finish on the Completing Veeam ONE 12.2 Upgrade Wizard page.
I hope you enjoy this post.
Cary Sun
X: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com
Amazon Author: Amazon.com/author/carysun
Author: Cary Sun
Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.
Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun
