Veeam ONE Vulnerability Allows Unauthorized Schedule Viewing for Read-Only Users
CVE-2023-41723

4.3MEDIUM

Key Information:

Vendor: Veeam
Status: One
Vendor: CVE Published:; 7 November 2023

Summary

A vulnerability in Veeam ONE permits users assigned to the Read-Only User role to access and view the Dashboard Schedule. This could potentially expose sensitive scheduling information within the application, although these users lack the permissions to modify any settings or configurations.

Affected Version(s)

One 11, 11a, 12

References

https://www.veeam.com/kb4508

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Aug 31, 2023