In this article, we shall discuss how to Upgrade Veeam ONE to 13.0.2.6723 to Address Security Fixes. Recently we updated Veeam ONE 13 as discussed here “how to upgrade Veeam One from v12 to v13“. Shortly, Veeam released some patches to VBR and Veeam ONE as well as discussed in this KB4858. According to it, this update includes upgrades to critical third-party components listed below such as the “uuid libraries etc, dompurify, postcss, and System.Security.Cryptography.Xml. Please see how to upgrade Veeam One from v12 to v13
As you know, Veeam ONE Web Client doesn’t just rely on Veeam’s proprietary code. It uses modern web development frameworks and open-source packages to render its dashboards, charts, and reports. Over time, vulnerabilities are discovered in these third-party packages as listed above. This specific ISO explicitly swaps out outdated components for secure, patched versions:
- DOMPurify upgraded to 3.4.2: DOMPurify is a library used to sanitize HTML and prevent Cross-Site Scripting (XSS) attacks. If malicious data bypasses this, an attacker could inject rogue scripts into the monitoring console.
- Vite & PostCSS Updates: These form the backbone of the frontend build toolchain and styles. Patching them mitigates supply-chain vulnerabilities where the management interface itself could be used as an exploit vector.
Mounting and running the specific Build 13.0.2.6723 ISO completely replaces these vulnerable dependencies and hardens your reporting environment as shown in the table below.
| Component | Before Upgrade | After Upgrade |
|---|---|---|
| Veeam ONE Server | 13.0.1.x | 13.0.2.6723 |
| Web UI | Old build | Updated |
| Database Schema | Outdated | Updated |
Why a Vulnerable Veeam ONE must be Patched
It is of great importance that we update our Veeam ONE instance immediately. This is because, if an attacker breaches a network. Their primary goal is to stay hidden, while they locate and destroy your backups.
If they can exploit the vulnerability in Veeam ONE. Then, they can potentially hijack the dashboard or blind the administrator. They can achieve this by silencing the alerts, mask anomalous behavior (like sudden high CPU usage from massive encryption, or delete alarm histories.
If your monitoring is compromised, you are flying blind while your primary backup infrastructure is actively dismantled if not immutable. Securing Veeam ONE is just as critical as securing Veeam Backup & Replication itself as discussed here “how to Fix Vulnerable Veeam Backup and Replication 13.0.1.2067 and Earlier“.
Please see how to Integrate Trellix ePolicy Orchestrator with a Syslog Server, Veeam Backup and Replication: PowerShell must be Remote Signed, and how to Prevent Automatic Driver Updates in Windows and Xen-Orchestra.
Determine the Current Veeam ONE Version
Before performing the upgrade, we have to verify the currently installed Veeam ONE build number. This helps confirm whether the deployment is affected by the vulnerabilities addressed in KB4858 referenced above.
This ensures the correct upgrade path to build 13.0.2.6723 is followed. It also provides a baseline for post-upgrade validation and troubleshooting. To do this, navigate to the Veeam ONE Client or Web Client. Click the Menu (≡) icon and select Help and click on About.
As you can see, we are running an earlier version 13.0.1.6168, and is currently vulnerable.
Peases see Switch from IP Addresses to DNS for Backup Infrastructure in VBR, how to remove a Repository from Veeam Backup and Replication, and Update Veeam Backup & Replication to Build 13.0.1.2067.
Download Veeam One Installation ISO
To downlod the latest version of Veeam ONE 13.0.2.6723. Please proceed to the following page to download the latest version of Veeam ONE.
After downloading the ISO, open the file properties and ensure the “Unblock” option is selected before mounting or extracting the file. Since the ISO was downloaded from the internet, Windows marks it with a security identifier (Mark of the Web), which can prevent certain files or scripts from executing correctly
Now mount or insert the disk with Veeam ONE installation image.
Thereafter, an autorun will open a splash screen with installation options. If Autorun is not available or disabled, run the Setup.exe file from the installation image as shown below.
Please see Fix broken Repository Path in Veeam Scale-Out Backup Repository, how to Leverage Azure Blob Storage as an Object Storage Repo in Veeam, and PXE Boot Failure: “Access Denied or Aborted” with Secure Boot on [Part 4].
Perform Upgrade
On the splash window click Upgrade.
At the License Agreements step of the wizard. Read and accept Veeam license agreement, licensing policy, 3rd party components and required software license agreements. You will not be able to continue upgrade until you accept license agreements.
Shortly, the Veeam ONE Setup wizard will automatically detect components of the previous version installed on the server. Kindly review the components to upgrade and click on Next.
Please see Advanced Tape Troubleshooting: Diagnosing Veeam LTO Drive Issues with ITDT, Azure Resource Locks: Protecting Critical Cloud Resources from Accidental and Malicious Deletion, and how to Fix Operating System Loader failed signature verification” on Dell Safe BIOS Systems via PXE [Part 3].
Specify Service Account
At the Service Account step of the wizard. Now, specify the password of the account under which Veeam ONE Service runs.
At the System Configuration Check stage, the installer verifies that all required prerequisite software is present on the system before continuing with the upgrade.
If any required components are missing. The setup wizard automatically installs and enables the necessary software features to ensure the system meets all requirements for the upgrade process.
On the ready to upgrade wizard, click on upgrade.
Please see How to protect Microsoft 365 beyond native limits with VDC [Part 1], how to Update WinPE Boot Images with Windows UEFI CA Certificates [Part 2], and how to perform Tape Drive Cleaning in Practice.
Upgrade Status
As you can see, the upgrade of Veeam ONE is oin proggress. At this time, the Veeam ONE Client is being upgraded.
The Veeam ONE Server upgrade has kicked off.
In this step, the Veeam ONE Web Serices are now being started. Shortly after this step, the latest updates are being applied.
As you can see below, the upgrade has finished successfully. Click on Finish to complete the upgrade process
As you can see below, we are now running Veeam ONE Version 13.0.2.6723 as downloaded.
I hope you foudn this article on how to Upgrade Veeam ONE to 13.0.2.6723 to Address Security Fixes very useful. Please feel free to leave a comment below.
