Comprehensive data protection for all workloads
Post Reply
mjr.epicfail
Veeam Legend
Posts: 633
Liked: 181 times
Joined: Apr 22, 2022 12:14 pm
Full Name: Danny de Heer
Contact:

Veeam kb4879 only VSA or also VIA

Post by mjr.epicfail »

Hi all,

Just found out about kb4879.
This KB describes a vulnerability on the linux version of the Veeam update component.
I was wondering if the VIA deployments are also affected, they probably use the same update component only there is no reference of this on the KB.
VMCE / Veeam Legend 2*
Mildur
Product Manager
Posts: 12005
Liked: 3413 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Veeam kb4879 only VSA or also VIA

Post by Mildur »

Hi Danny,

Since Veeam Updater is deployed on both appliance types, I would perform the update for both VSA and VIA.
Regarding the official statement, I’m checking with my colleagues.

Best,
Fabian
Product Management Analyst @ Veeam Software
Mildur
Product Manager
Posts: 12005
Liked: 3413 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Veeam kb4879 only VSA or also VIA

Post by Mildur »

Hi Danny,

We have updated the KB and can confirm that any appliance — Veeam Software Appliance or Veeam Infrastructure Appliance — is impacted by this vulnerability. This also applies to Veeam Infrastructure Appliances managed by a Windows-based backup server.

The same solution documented in the KB can also be applied to Veeam Infrastructure Appliances managed by a Windows-based backup server.

Best,
Fabian
Product Management Analyst @ Veeam Software
dejan.ilic
Enthusiast
Posts: 54
Liked: 5 times
Joined: Apr 11, 2019 11:37 am
Full Name: Dejan Ilic
Contact:

Re: Veeam kb4879 only VSA or also VIA

Post by dejan.ilic »

The page is marked for v13, but the text seems to cover only v12.
I suppose you will have to update the page once again to avoid confusion.

"Product: Veeam Backup & Replication | 13"
Mildur
Product Manager
Posts: 12005
Liked: 3413 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Veeam kb4879 only VSA or also VIA

Post by Mildur »

Hi Dejan,

Thanks for your feedback, but there is nothing wrong with the versioning in the KB.

The vulnerability mentioned in the KB applies to Veeam Updater on our appliances. Since appliances are available starting with Veeam Backup & Replication v13.0.*, the product category in the KB is "Veeam Backup & Replication v13".
The Veeam Updater has not yet the same version number as VBR. The version after the update will be v12.3.0.65.

Our next minor update, Veeam Backup & Replication v13.1, will include a new updater with the same minor version as the backup server — Veeam Backup & Replication v13.1.**** and Veeam Updater v13.1.****.

If you are still on Veeam Backup & Replication v12, then you are not impacted by this vulnerability.

Best,
Fabian
Product Management Analyst @ Veeam Software
Post Reply

Who is online

Users browsing this forum: Google [Bot], Semrush [Bot] and 203 guests