CVE-2023-38547

Published: Nov 7, 2023Modified: Mar 6, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Affected (4)

Products: Veeam: One

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Veeam One	Version 11.0.0.1379
Veeam One	Version 11.0.1.1880
Veeam One	Version 12.0.0.2498
Veeam One	Version 12.0.1.2591

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.veeam.com/kb4508

Source: support@hackerone.com

PatchVendor Advisory

https://www.veeam.com/kb4508

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.