CVE-2023-38548

Published: Nov 7, 2023Modified: Mar 6, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

Affected (2)

Products: Veeam: One

Veeam

1 product

One

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Veeam One	Version 12.0.0.2498
Veeam One	Version 12.0.1.2591

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.veeam.com/kb4508

Source: support@hackerone.com

PatchVendor Advisory

https://www.veeam.com/kb4508

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.