Operational Defect Database
BugZero found this defect 256 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4491
Security Issue in Microsoft Azure Plug-In for Veeam Backup & Replication
Last update date:
9/7/2023
Affected products:
Veeam Backup & Replication
Affected releases:
12
Fixed releases:
No fixed releases provided.
Description:
Issue Details
This article highlights a security-related issue in Microsoft Azure Plug-In for Veeam Backup & Replication 12.1.5.99 that may allow a user accessing the Veeam Backup & Replication server to obtain the administrator credentials of the Veeam Backup for Microsoft Azure backup appliance, potentially allowing an attacker to gain access to the Veeam Backup for Microsoft Azure appliance. This issue explicitly affects any environment where an existing deployment of Veeam Backup for Microsoft Azure was upgraded to version 5a while using Microsoft Azure Plug-In for Veeam Backup & Replication version 12.1.5.99. During the appliance upgrade process, administrator credentials were requested to update the Veeam Backup for Microsoft Azure backup appliance's operating system from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS. That Veeam Backup for Microsoft Azure backup appliance administrator password was stored in the Updater log file: C:\ProgramData\Veeam\Backup\Plugins\Microsoft Azure\Logs\<backup_appliance_name>\Veeam.Azure.Updater.
Solution
To address this issue, Veeam has released a new build of Microsoft Azure Plug-In for Veeam Backup & Replication. It is advised to install this update as soon as possible. Issue fixed starting in: Microsoft Azure Plug-In for Veeam Backup & Replication 12.1.5.106
