HI Team,
So last week, we've upgraded the OLE SQL driver on our VeeamOne server from ver 18.7.2.0 to 19.4.1.0 as we're being flagged by our Security Team - since ver 18.7.2.0 is vulnerable as per CVE-2024-37334 - Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. (released July 2024).
Before this, we've consulted with Veeam Support if the latest version is acceptable or compatible with our current VeeamOne version 12.3.0.4670 .They confirmed we can use the latest version so we've proceeded with this action plan.
after the upgrade , this cleared the Vulnerability flag , however we've got a lot of errors accessing both VeeamOne client and Monitoring . with database inaccessible even if we're able to connect with MSSMS, restarted VeeamDCS and VeeamRSS and rebooted the server but this didn't fix the issue.
We had to reinstall the old version 18.7.2.0 (as per VeeamOne Support) - this fixed the issue but with VeeamOne server back in the 'list of servers with vulnerability".
Since the latest version has broken our VeeamOne setup – could you please include a plan to update OLE driver version to the latest or if not to the latest – perhaps higher than 18.7.2.0. on the future VeeamOne Patches?
Reference: Veeam Support - Case # 07796980
-
tanyababes
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Oct 22, 2024 3:32 am
- Full Name: Tanya Legaspi
- Contact:
-
jorgedlcruz
- Veeam Software
- Posts: 1625
- Liked: 701 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: VeeamOne OLE SQL driver version
Hello Tanya,
Thank you so much for the report. We have a rigorous procedure where we check all the packages and dependencies, and we keep them updated either via hotfix, but most commonly via minor releases and updates.
I am confirming internally regarding this specific case and will update the thread as soon as I know the plan on when we can have a release with the up to date OLE SQL driver component.
Thank you!
Thank you so much for the report. We have a rigorous procedure where we check all the packages and dependencies, and we keep them updated either via hotfix, but most commonly via minor releases and updates.
I am confirming internally regarding this specific case and will update the thread as soon as I know the plan on when we can have a release with the up to date OLE SQL driver component.
Thank you!
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2025 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2025 / InfluxAce / Grafana Champion
-
jorgedlcruz
- Veeam Software
- Posts: 1625
- Liked: 701 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: VeeamOne OLE SQL driver version
Quick update, Tanya,
I have confirmed that we updated the OLE SQL driver we ship by default to 18.7.4, which fix that specific issue. And I have confirmed with QA that you are safe to update to 18.7.4, make sure you do backup, or snapshot before, etc.
All the information can be found on the official Microsoft Documentation: However, and it is mentioned there in the document, v19.x introduces breaking changes and that is what it happened on your environment for what I can see in the support case.
Double check with your internal security team if 18.7.4 is enough, as it fixes the vulnerability, and upgrade. Keep us posted.
Thank you so much!
I have confirmed that we updated the OLE SQL driver we ship by default to 18.7.4, which fix that specific issue. And I have confirmed with QA that you are safe to update to 18.7.4, make sure you do backup, or snapshot before, etc.
All the information can be found on the official Microsoft Documentation: However, and it is mentioned there in the document, v19.x introduces breaking changes and that is what it happened on your environment for what I can see in the support case.
Double check with your internal security team if 18.7.4 is enough, as it fixes the vulnerability, and upgrade. Keep us posted.
Thank you so much!
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2025 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2025 / InfluxAce / Grafana Champion
Who is online
Users browsing this forum: No registered users and 1 guest