Apache isn’t used by any Veeam product, however, the Veeam security team realized an investigation. Veeam products are not affected by this vulnerability (KB 4254). Basically, Apache Logs4J is not in use by any Veeam products. I’ll cross-post any important updates but you can see the thread yourself here.
About Log4J Vulnerability:
Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4J library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code from a remote location controlled by the attacker. The second stage, what the downloaded malicious code does next, is fully up to the attacker. This library is used by many software vendors and service providers globally as a standardized way of handling log messages within the software.
Here’s a step-by-step guide Log4J Remediations & Recommendations.
Backup with Trusted Repository Storage: Blog Post.
Step by Step Guide Veeam B&R 11 Upgrade: Guide.
Veeam CDP and Application consistency: Blog Post.
Veeam improves the engine in version 11: Blog Post.
Veeam B&R v11 and ReFS: Blog Post.
Veeam B&R 11 – Continuous Data Protection: Blog Post.
Microsoft Teams Backup with VBO v5: Blog Post.
Protect your Backup against Ransomware: Blog Post.