Veeam warns of critical RCE flaw in Backup & Replication software

Veeam published a September 2024 bulletin addressing 18 high/critical vulnerabilities across Veeam Backup & Replication, Service Provider Console, and Veeam ONE — including a critical unauthenticated RCE (CVE-2024-40711, CVSS 9.8) that can enable full system takeover and compromise backups; patches are available and organizations should upgrade immediately due to the high risk of backup theft or deletion and prior targeting by ransomware groups.