Operational Defect Database
BugZero found this defect 2253 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb2462
Sensitive data types in Veeam Backup & Replication and Veeam Backup for Microsoft 365 log files
Last update date:
4/21/2022
Affected products:
Veeam Backup & Replication
Veeam Backup for Microsoft 365
Veeam Cloud Connect
Affected releases:
ALL
Fixed releases:
No fixed releases provided.
Description:
Challenge
When you open a support ticket, Veeam Customer Support specialists may request log files. These log files may contain information to which the terms of the data protection laws or internal company policies apply.
Veeam Backup & Replication
Veeam Backup & Replication log files may include the following types of sensitive data: User names. Object names that are specific for a customer infrastructure, such as hosts, datastores, VMs, clusters. VM file names and paths. FQDN/Hostname or NetBIOS names. IP addresses (IPv4 and IPv6). Customer-specific paths to backup files. Names of backup files. SharePoint information, such as database names, paths to databases, SharePoint site URL. Exchange information, such as database names, paths to databases. SQL information, such as database and instance name, paths to databases. Oracle information, such as database name, home name, Oracle SID, database global name, paths to databases. File copy information, such as customer-specific paths and names of files. File to tape information, such as customer-specific paths and names of files.
Veeam Backup
Veeam Backup for Microsoft 365 log files may include the following types of sensitive data: User names and user IDs. Object names that are specific for a customer infrastructure, such as hosts and their hardware configuration, local data storage, and object storage repository. FQDN/Hostname or NetBIOS names. IP addresses (IPv4 and IPv6). Customer-specific paths to backup files. Path to the Veeam license file and license information. Certificate thumbprints. Azure AD application name, ID, and assigned permissions. Assigned Microsoft Office 365 roles. SharePoint and OneDrive information, such as SharePoint IDs, SharePoint site URLs, SharePoint hierarchy, names of files, names of SharePoint lists, site collection membership, information about existing sharing links, and SharePoint settings. Exchange information, such as addresses of user mailboxes, mailbox IDs, mailboxes hierarchy, subjects of the Exchange items (for example, Email, Calendars, Meetings), and their modification date. Groups information: such as group membership, group mailbox address, and group owner address. Teams information, such as teams names, channels names, names of backup files, members of a team and their roles, channel settings. Exported data information, such as customer-specific paths and names of files.
More Information
The Veeam Customer Support team may provide a log scrubbing utility upon request. For more information on how we process the collected data, please visit: https://vee.am/processing_of_sensitive_data
