Despite attackers being able to log into VBEM as any user and the privileges that come with that, it confirmed to The Register that exploiting the flaw couldn't possibly lead to backups being deleted.
Because of our immutable backups and/or four-eyes authorization, the threat actor would receive an access denied error upon attempting to delete backups.
When a vulnerability is identified and disclosed, attackers will still attempt to exploit and reverse-engineer the patches to use the vulnerability on an unpatched version of Veeam software in their exploitation attempts.
Collection
[
|
...
]