
Cloud Vulnerability DB
A community-led vulnerabilities database
Veeam Backup and Replication versions 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 contained a vulnerability related to mishandling deserialization during Microsoft .NET remoting. The vulnerability was discovered and reported by Markus Wulftange from Code White, and was assigned CVE-2021-35971 on June 30, 2021 (CVE Mitre, NVD).
The vulnerability was identified as a deserialization issue in the Microsoft .NET remoting functionality of Veeam Backup and Replication. The CVSS v3.1 base score for this vulnerability is 9.8 (Critical), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates the vulnerability can be exploited remotely with no required privileges or user interaction (NVD).
Given the critical CVSS score and vector details, successful exploitation of this vulnerability could lead to remote code execution with high impacts on confidentiality, integrity, and availability of the affected systems (NVD).
Veeam addressed this vulnerability by releasing patches for both affected versions. Users of version 10 should upgrade to build 10.0.1.4854 P20210609 or later, while users of version 11 should upgrade to build 11.0.0.837 P20210507 or later. The patches include changes to the Microsoft .NET remoting deserialization logic (Veeam KB4126, Veeam KB4180).
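The build comparison described above can be scripted for triage across an inventory export. This is an added example, not code from Veeam or from the original page. It assumes build strings are recorded in the same "build Pdate" form the advisory uses; the host names and the non-fixed sample builds are constructed.

```python
import re

# Fixed builds as stated in the advisory text: (build tuple, patch date).
FIXED = {
    10: ((10, 0, 1, 4854), "20210609"),
    11: ((11, 0, 0, 837), "20210507"),
}

# Assumed input format: "A.B.C.D" optionally followed by " PYYYYMMDD".
BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+P(\d{8}))?\s*$")


def parse_build(text):
    """Split '11.0.0.837 P20210507' into ((11, 0, 0, 837), '20210507')."""
    m = BUILD_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(g) for g in m.groups()[:4]), m.group(5)


def triage(text):
    """Return 'vulnerable', 'patched', or 'unlisted' for one build string."""
    build, patch = parse_build(text)
    fixed = FIXED.get(build[0])
    if fixed is None:
        return "unlisted"  # the advisory only names major versions 10 and 11
    fixed_build, fixed_patch = fixed
    if build != fixed_build:
        return "patched" if build > fixed_build else "vulnerable"
    # Same base build: the patch-level suffix decides. YYYYMMDD strings
    # compare correctly as text; a missing suffix means no cumulative patch.
    return "patched" if patch is not None and patch >= fixed_patch else "vulnerable"


# Constructed inventory rows (host, build string); not real hosts.
INVENTORY = [
    ("vbr-01", "11.0.0.837"),
    ("vbr-02", "11.0.0.837 P20210507"),
    ("vbr-03", "10.0.1.4854 P20210401"),
    ("vbr-04", "10.0.0.4461"),
    ("vbr-05", "9.5.4.2866"),
]


def report(rows):
    """Map each host to its triage status."""
    return {host: triage(build) for host, build in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "unlisted" means only that the advisory text does not name that major version; it says nothing about whether that release is affected.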
Source: This report was generated using AI