Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code.
The vulnerability affects Veeam Service Provider Console 8.1.0.21377 and all earlier versions 8 and 7 builds.
Veeam also addressed another vulnerability that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.
Both vulnerabilities have been addressed in version 8.1.0.21999 and organizations are recommended to upgrade to the latest version of the software.