The release version of Veeam ONE 12.2 is available on August 28th, 2024.
The vulnerabilities documented in these sections were fixed starting in the 12.2 build.
All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and affect Veeam ONE 12.1.0.3208 and all earlier version 12 builds.
Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.
CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
This vulnerability was reported via HackerOne.
Severity: Critical
CVSS v3.1 Score: 9.1
CVE-2024-42019
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
Severity: Critical
CVSS v3.1 Score: 9.0
CVE-2024-42023
A vulnerability that allows low-privileged users to execute code with Administrator privileges remotely.
Severity: High
CVSS v3.1 Score: 8.8
CVE-2024-42021
A vulnerability that allows an attacker with valid access tokens to access saved credentials.
Severity: High
CVSS v3.1 Score: 7.5
CVE-2024-42022
A vulnerability that allows an attacker to modify product configuration files.
Severity: High
CVSS v3.1 Score: 7.5
CVE-2024-42020
A vulnerability in Reporter Widgets that allows HTML injection.
Severity: High
CVSS v3.1 Score: 7.3
The details are as link https://www.veeam.com/kb4649
1.Login to the Veeam ONE Server.
2.Sign in to your Veeam account and download the Veeam ONE software.
3.Mount the Veeam ONE v12.2 ISO image file.
4.Run Setup.exe.
5.On the User Account Control page, click Yes.
6.On the Veeam ONE 12.2 page, click Upgrade.
7.Select Upgrade Veeam One on the Veeam One page.
8.On the License Agreement page, select I accept.
9.Click Next on the Upgrade page.
10.There are two options to install the license. To use license file in my case.
11.Select Browse license file on the License page.
12.Select a valid license file for Veeam One v12.2 and click Open.
13.Click Next on the License page.
14.On the Service Account page, click Browse and select the user account as a service account.
Note:
The service account must have Local Administrator permissions on the machine where VeeamONE is installed.
15.Enter the password and click Next.
16.Click Next on the Database page.
17.Click Upgrade on the Ready to Upgrade page.
18.There are four steps to install Veeam ONE.
19.Click Finish on the Completing Veeam ONE 12.2 Upgrade Wizard page.
I hope you enjoy this post.
Cary Sun
X: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com
Amazon Author: Amazon.com/author/carysun