I'm running Veeam 12.0.0.1420 P20230718.
A 3rd-party security scan found two 9.8 CVEs with the Microsoft .NET Runtime - 6.0.12 (x64) used by the above install. (CVE-2023-36049, CVE-2024-0057).
Does Veeam 12.0.0.1420 support the latest 6.0.26 .NET and asp.core libraries?
I couldn't find much info on the recommended procedure here. I assume we'd install the updates and reboot the server?
Suggestions welcome. Thanks.
-
ReealityPrime
- Novice
- Posts: 3
- Liked: never
- Joined: Jun 26, 2018 7:02 pm
- Contact:
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2294 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Anyone patching .NET libraries for CVEs?
Hi ReealityPrime
All version 6 builds of .NET are supported by our plugins. You can update.
https://helpcenter.veeam.com/docs/backu ... m-plug-ins
Our most recent ISO (v12.1.1) deploys version 6.0.25. Which I understand is affected by CVE-2024-0057. I will talk to our security team if we can update the ISO to the latest 6.0.26.
Best,
Fabian
All version 6 builds of .NET are supported by our plugins. You can update.
https://helpcenter.veeam.com/docs/backu ... m-plug-ins
Our most recent ISO (v12.1.1) deploys version 6.0.25. Which I understand is affected by CVE-2024-0057. I will talk to our security team if we can update the ISO to the latest 6.0.26.
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: Semrush [Bot] and 123 guests