
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

ID: 768f5a7d-f547-5fec-aa97-9a19a705501f

STIX ID: report--768f5a7d-f547-5fec-aa97-9a19a705501f

Feed Name: The Hacker News

Threat Score: 85/100

Date Published: 2024-05-22

Date Updated: 2026-05-05

Author: The Hacker News


Users of Veeam Backup Enterprise Manager are urged to update to version 12.1.2.172 to remediate multiple high- and critical-severity vulnerabilities — including an unauthenticated login bypass (CVE-2024-29849, CVSS 9.8) and a critical RCE in Veeam Service Provider Console (CVE-2024-29212, CVSS 9.9). The report highlights related NTLM relay/hash-theft issues and reminds readers that prior Veeam flaws have been exploited by groups such as FIN7 and Cuba to deploy malware and ransomware, increasing the urgency to patch.
