12 matches found
CVE-2023-38547
The CVE-2023-38547 issue affects Veeam ONE (versions 11, 11a, 12), where an unauthenticated user can access information about the SQL Server connection to the Veeam ONE configuration database, potentially enabling remote code execution on the SQL server. Mitigation is via the vendor hotfix descri...
CVE-2020-10915
CVE-2020-10915 affects VEEAM ONE Agent (version around 9.5.4.4587). The root cause is deserialization of untrusted data in the HandshakeResult method, allowing an unauthenticated attacker to execute code with the service account’s privileges via a network exploit. Public materials reference pre-a...
CVE-2020-10914
CVE-2020-10914 affects VEEAM One Agent, specifically the component in the PerformHandshake method. The vulnerability arises from insufficient validation of user-supplied data, leading to deserialization of untrusted data and remote code execution in the context of the service account. Reports acr...
CVE-2023-41723
CVE-2023-41723 affects Veeam ONE: a user with the Veeam ONE Read-Only role can view the Dashboard Schedule. The impact is limited since no changes can be made. Documented in multiple sources confirms CVSS ~4.3 (Medium) and that fixes exist in Veeam ONE versions 11, 11a, and 12 via KB4508; apply h...
CVE-2023-38548
CVE-2023-38548 affects Veeam ONE. An unprivileged user with access to the Veeam ONE Web Client can obtain the NTLM hash of the account used by the Veeam ONE Reporting Service, per multiple sources. Connected documents corroborate the issue in Veeam ONE 12 and earlier, describing an information di...
CVE-2023-38549
CVE-2023-38549 affects Veeam ONE. Connected sources confirm an XSS-related flaw in the Web Client that allows an unprivileged user to obtain the NTLM hash of the Veeam ONE Reporting Service account. Red Hat and ENISA/NCSC references indicate mitigations: fixes are released for Veeam ONE 11/11a/12...
CVE-2024-42019
CVE-2024-42019 affects Veeam products (notably Veeam ONE) and enables an attacker to access the NTLM hash of the Veeam Reporter Service account. The vulnerability is triggered by user interaction and relies on data from Veeam Backup & Replication. Publicly documented details indicate affected ver...
CVE-2024-42024
CVE-2024-42024 affects Veeam ONE. The flaw allows an attacker with the Veeam ONE Agent service account credentials to perform remote code execution on the host where ONE is installed. Affected product: Veeam ONE (12.x line). Root cause: improper access control enabling RCE when credentials are pr...
CVE-2024-42023
CVE-2024-42023 affects Veeam ONE (and related Veeam products) and is disclosed in the Veeam security bulletin. The issue is described as an improper access control allowing a low-privileged user to remotely execute code with Administrator privileges. Affected line in the bulletin notes that Veeam...
CVE-2024-42020
CVE-2024-42020 is an XSS in Veeam ONE Reporter Widgets that allows HTML injection. Affected product appears to be Veeam ONE 12.x (Reporter Widgets in 12.1.0.3208 and earlier). The root cause is improper handling of widget content enabling HTML/Script execution within the UI. Impact details in sou...
CVE-2024-42022
CVE-2024-42022 is an incorrect permission assignment vulnerability affecting multiple Veeam products (e.g., Veeam ONE, Backup & Replication, and related components). The threat allows an attacker to modify product configuration files via a local/privilege-related path, as described across connect...
CVE-2024-42021
CVE-2024-42021 affects Veeam ONE (12.1.x) and earlier 12 builds, where an improper access control allows an attacker with valid access tokens to access saved credentials. The issue is documented in Veeam ONE vulnerability details and is noted as fixed in Veeam ONE 12.2 (build 12.2.0.4093). Affect...