Operational Defect Database

BugZero found this defect 227 days ago.

Veeam | kb4491

Security Issue in Microsoft Azure Plug-In for Veeam Backup & Replication

Last update date:

9/7/2023

Affected products:

Veeam Backup & Replication

Affected releases:

12

Fixed releases:

No fixed releases provided.

Description:

Issue Details

This article highlights a security-related issue in Microsoft Azure Plug-In for Veeam Backup & Replication 12.1.5.99 that may allow a user accessing the Veeam Backup & Replication server to obtain the administrator credentials of the Veeam Backup for Microsoft Azure backup appliance, potentially allowing an attacker to gain access to the Veeam Backup for Microsoft Azure appliance. This issue explicitly affects any environment where an existing deployment of Veeam Backup for Microsoft Azure was upgraded to version 5a while using Microsoft Azure Plug-In for Veeam Backup & Replication version 12.1.5.99. During the appliance upgrade process, administrator credentials were requested to update the Veeam Backup for Microsoft Azure backup appliance's operating system from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS. That Veeam Backup for Microsoft Azure backup appliance administrator password was stored in the Updater log file: C:\ProgramData\Veeam\Backup\Plugins\Microsoft Azure\Logs\<backup_appliance_name>\Veeam.Azure.Updater.

Solution

To address this issue, Veeam has released a new build of Microsoft Azure Plug-In for Veeam Backup & Replication. It is advised to install this update as soon as possible. Issue fixed starting in: Microsoft Azure Plug-In for Veeam Backup & Replication 12.1.5.106

Additional Resources / Links

Share:

BugZero® Risk Score

What's this?

Coming soon

Status

Solved

cost-cta-background

Do you know how much operational outages are costing you?

Understand the cost to your business and how BugZero can help you reduce those costs.

Have you ever...

had your data corrupted from a

VMware

bug?

Search:

...