Information Disclosure Vulnerability in Veeam ONE by Veeam
CVE-2023-38547

9.8CRITICAL

Key Information:

Vendor: Veeam
Status: One
Vendor: CVE Published:; 7 November 2023

Summary

A vulnerability in Veeam ONE allows an unauthenticated user to access sensitive information concerning the SQL server connection utilized for accessing its configuration database. This exposure could potentially open the door for unauthorized entities to execute remote code on the SQL server hosting the Veeam ONE configuration database, thereby compromising the integrity and security of the system.

Affected Version(s)

One 11

One 11a

One 12

References

https://www.veeam.com/kb4508

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Jul 20, 2023