Versions (7)
Version Details
Current
Rev: 1 • Jul 24, 2025, 5:44 PM
ATTACK [PTsecurity] Veeam Backup Manager Authentication Bypass (CVE-2024-29849)
alert http any any -> any any (msg: "ATTACK [PTsecurity] Veeam Backup Manager Authentication Bypass (CVE-2024-29849)"; flow: established, from_server; http.response_body; content: "RequestSecurityTokenResponse"; content: "urn:oasis:names:tc:SAML:2.0:assertion"; distance: 0; content: "<Code>"; distance: 0; content: "status/valid"; distance: 0; xbits: isset, CVE-2024-29849.POST, track ip_src; reference: cve, 2024-29849; reference: url, summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10011481; rev: 1;)
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules