Lucene search
K

12 matches found

CVE
CVE
added 2023/11/07 6:17 a.m.1307 views

CVE-2023-38547

The CVE-2023-38547 issue affects Veeam ONE (versions 11, 11a, 12), where an unauthenticated user can access information about the SQL Server connection to the Veeam ONE configuration database, potentially enabling remote code execution on the SQL server. Mitigation is via the vendor hotfix descri...

9.9CVSS9.8AI score0.18942EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.123 views

CVE-2020-10915

CVE-2020-10915 affects VEEAM ONE Agent (version around 9.5.4.4587). The root cause is deserialization of untrusted data in the HandshakeResult method, allowing an unauthenticated attacker to execute code with the service account’s privileges via a network exploit. Public materials reference pre-a...

9.8CVSS9.7AI score0.86619EPSS
CVE
CVE
added 2020/04/22 8:51 p.m.119 views

CVE-2020-10914

CVE-2020-10914 affects VEEAM One Agent, specifically the component in the PerformHandshake method. The vulnerability arises from insufficient validation of user-supplied data, leading to deserialization of untrusted data and remote code execution in the context of the service account. Reports acr...

9.8CVSS9.7AI score0.4703EPSS
CVE
CVE
added 2023/11/07 6:17 a.m.98 views

CVE-2023-41723

CVE-2023-41723 affects Veeam ONE: a user with the Veeam ONE Read-Only role can view the Dashboard Schedule. The impact is limited since no changes can be made. Documented in multiple sources confirms CVSS ~4.3 (Medium) and that fixes exist in Veeam ONE versions 11, 11a, and 12 via KB4508; apply h...

4.3CVSS5.5AI score0.1232EPSS
CVE
CVE
added 2023/11/07 6:17 a.m.89 views

CVE-2023-38548

CVE-2023-38548 affects Veeam ONE. An unprivileged user with access to the Veeam ONE Web Client can obtain the NTLM hash of the account used by the Veeam ONE Reporting Service, per multiple sources. Connected documents corroborate the issue in Veeam ONE 12 and earlier, describing an information di...

9.8CVSS9.3AI score0.11806EPSS
CVE
CVE
added 2023/11/07 6:17 a.m.86 views

CVE-2023-38549

CVE-2023-38549 affects Veeam ONE. Connected sources confirm an XSS-related flaw in the Web Client that allows an unprivileged user to obtain the NTLM hash of the Veeam ONE Reporting Service account. Red Hat and ENISA/NCSC references indicate mitigations: fixes are released for Veeam ONE 11/11a/12...

5.4CVSS5.6AI score0.19125EPSS
CVE
CVE
added 2024/09/07 4:11 p.m.86 views

CVE-2024-42019

CVE-2024-42019 affects Veeam products (notably Veeam ONE) and enables an attacker to access the NTLM hash of the Veeam Reporter Service account. The vulnerability is triggered by user interaction and relies on data from Veeam Backup & Replication. Publicly documented details indicate affected ver...

9CVSS6.8AI score0.00513EPSS
CVE
CVE
added 2024/09/07 4:11 p.m.85 views

CVE-2024-42024

CVE-2024-42024 affects Veeam ONE. The flaw allows an attacker with the Veeam ONE Agent service account credentials to perform remote code execution on the host where ONE is installed. Affected product: Veeam ONE (12.x line). Root cause: improper access control enabling RCE when credentials are pr...

9.1CVSS7.8AI score0.01254EPSS
CVE
CVE
added 2024/09/07 4:11 p.m.71 views

CVE-2024-42023

CVE-2024-42023 affects Veeam ONE (and related Veeam products) and is disclosed in the Veeam security bulletin. The issue is described as an improper access control allowing a low-privileged user to remotely execute code with Administrator privileges. Affected line in the bulletin notes that Veeam...

8.8CVSS7.3AI score0.0047EPSS
CVE
CVE
added 2024/09/07 4:11 p.m.69 views

CVE-2024-42020

CVE-2024-42020 is an XSS in Veeam ONE Reporter Widgets that allows HTML injection. Affected product appears to be Veeam ONE 12.x (Reporter Widgets in 12.1.0.3208 and earlier). The root cause is improper handling of widget content enabling HTML/Script execution within the UI. Impact details in sou...

7.3CVSS6.5AI score0.00384EPSS
CVE
CVE
added 2024/09/07 4:11 p.m.68 views

CVE-2024-42022

CVE-2024-42022 is an incorrect permission assignment vulnerability affecting multiple Veeam products (e.g., Veeam ONE, Backup & Replication, and related components). The threat allows an attacker to modify product configuration files via a local/privilege-related path, as described across connect...

7.5CVSS6.8AI score0.00283EPSS
CVE
CVE
added 2024/09/07 4:11 p.m.66 views

CVE-2024-42021

CVE-2024-42021 affects Veeam ONE (12.1.x) and earlier 12 builds, where an improper access control allows an attacker with valid access tokens to access saved credentials. The issue is documented in Veeam ONE vulnerability details and is noted as fixed in Veeam ONE 12.2 (build 12.2.0.4093). Affect...

7.5CVSS6.8AI score0.00299EPSS