A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).Referenceshttps://www.veeam.com/kb4649