Veeam has released an update for Backup & Replication version 12 fixing a Critical RCE vulnerability in all versions of version 12 which left it vulnerable to any local or domain joined user (if the device is domain joined). You can find more details and an audit in the Veeam Vulnerability blog post.