Web Client Vulnerability in Veeam ONE Affects User Account Security
CVE-2023-38548

4.3MEDIUM

Key Information:

Vendor: Veeam
Status: One
Vendor: CVE Published:; 7 November 2023

Summary

A security flaw in Veeam ONE enables an unprivileged user with access to the Veeam ONE Web Client to potentially obtain the NTLM hash associated with the account utilized by the Veeam ONE Reporting Service. This exposure can lead to unauthorized access and compromise of user credentials.

Affected Version(s)

One 12

References

https://www.veeam.com/kb4508

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Jul 20, 2023