Operational Defect Database

BugZero found this defect 473 days ago.

Veeam | kb4410

How to Upgrade .NET and ASP.NET Runtimes When Using Veeam ONE 12 GA (build or Lower

Last update date:


Affected products:

Veeam ONE

Affected releases:


Fixed releases:

No fixed releases provided.



This article documents how to upgrade the .NET 3.1.x and ASP.NET 3.1.x runtime to the latest version when using Veeam ONE 12 GA (build or lower. For a list of all versions and build numbers of Veeam ONE, refer to: KB4357 Veeam ONE versions 12 GA (build or lower utilized .NET and ASP.NET 3.1.x runtime components for multiple purposes (e.g., Reporting, Web Services, and more).  The December 2022 Microsoft Security Updates comes with a remote code execution vulnerability fix for NET Core 3.1, .NET 6.0, and .NET 7.0. Those packages should be updated to maintain security.


Software Dependencies If you have Veeam ONE 12 GA (build or lower installed, do not uninstall .NET Core 3.1.x or ASP.NET 3.1.x. Uninstalling them will cause issues with those older versions of Veeam ONE. Even if newer versions of .NET (e.g., 6.x or 7.x) are installed, those older versions of Veeam ONE  still require .NET Core 3.1.x and ASP.NET 3.1.x.

More Information

Microsoft Security Advisory CVE-2022-41089 | .NET Remote Code Execution Vulnerability Microsoft DevBlog: .NET December 2022 Updates – .NET 7.0.1, .NET 6.0.12, .NET Core 3.1.32 .NET Core 3.1 Known Issues .NET Framework Remote Code Execution Vulnerability - CVE-2022-41089

Additional Resources / Links


BugZero® Risk Score

What's this?

Coming soon



Learn More