One

one

Vendor: Veeam • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-42024 1Veeam 1One Apr 28, 2025 Sep 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
CVE-2024-42023 1Veeam 1One Apr 28, 2025 Sep 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
CVE-2024-42022 1Veeam 1One Apr 28, 2025 Sep 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
CVE-2024-42021 1Veeam 1One Apr 28, 2025 Sep 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
CVE-2024-42020 1Veeam 1One Oct 27, 2024 Sep 7, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
CVE-2024-42019 1Veeam 1One May 1, 2025 Sep 7, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
CVE-2023-41723 1Veeam 1One Nov 21, 2024 Nov 7, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only ab...Show more A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.Show less
CVE-2023-38549 1Veeam 1One Nov 21, 2024 Nov 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of th...Show more A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.Show less
CVE-2023-38548 1Veeam 1One Mar 6, 2025 Nov 7, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
CVE-2023-38547 1Veeam 1One Mar 6, 2025 Nov 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL serve...Show more A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.Show less
CVE-2020-10915 1Veeam 1One Nov 21, 2024 Apr 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.Show less
CVE-2020-10914 1Veeam 1One Nov 21, 2024 Apr 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.Show less