Veeam Backup & Replication Remote Code Execution Vulnerability as Postgres User

A remote code execution vulnerability has been identified in Veeam Backup & Replication version 13.0.1.180 and all earlier version 13 builds. This vulnerability allows a Backup Administrator to execute arbitrary code as the postgres user by sending a malicious password parameter.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system, with the executed code running under the privileges of the postgres user.

Remediation

This vulnerability has been fixed in Veeam Backup & Replication version 13.0.1.1071. Users are advised to update to this version.