Product and Affected Versions: Veeam ONE IT monitoring and analytics platform, versions 11, 11a and 12.
Severity, CVE ID, Vulnerabilities and How the Attack Works:

| CVE ID | Severity | CVSS Score | Vulnerability | How the attack works |
|---|---|---|---|---|
| CVE-2023-38547 | Critical | 9.9 | Unspecified flaw that lets an unauthenticated user obtain information about the SQL Server connection, leading to remote code execution on the SQL server. | An unauthenticated user obtains the connection information and executes code remotely on the SQL server. |
| CVE-2023-38548 | Critical | 9.8 | Flaw that lets an unprivileged user obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. | An unprivileged user with access to the Veeam ONE Web Client obtains the NTLM hash of the Reporting Service account. |
| CVE-2023-38549 | Medium | 4.5 | Cross-site scripting (XSS) vulnerability that lets a user with the Veeam ONE Power User role obtain the access token of a user with the Veeam ONE Administrator role. | Through the XSS flaw, a Veeam ONE Power User acquires the access token of a Veeam ONE Administrator. |
| CVE-2023-41723 | Medium | 4.3 | Vulnerability that lets a user with the Veeam ONE Read-Only User role view the Dashboard Schedule. | A user with the Veeam ONE Read-Only User role views the Dashboard Schedule. |
Remediations: Users on the affected versions (11, 11a, 12) are recommended to:
– Stop the Veeam ONE Monitoring and Veeam ONE Reporting services.
– Replace the existing files with those provided in the hotfix.
– Restart the two services.
Reference:
– The fixes for the issues are available in the following versions: Veeam ONE 11 (11.0.0.1379), Veeam ONE 11a (11.0.1.1880), Veeam ONE 12 P20230314 (12.0.1.2591).
– Recent exploitation of critical flaws in Veeam backup software by threat actors, including FIN7 and BlackCat ransomware, to distribute malware.
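The fixed build numbers above are the practical test for whether a Veeam ONE host is still exposed to these four CVEs. The following triage script is an added example, not Veeam's own tooling: it reads a constructed `host,version` inventory (the format is this script's assumption), maps each installed build onto its release line, and reports which hosts still need the hotfix. It assumes that 11a corresponds to the 11.0.1.x build line (as the advisory's 11.0.1.1880 build for 11a indicates) and that a build at or above the fix on its line is patched; the sample inventory values are constructed and do not represent real Veeam builds.

```python
"""Added example: fleet triage for the Veeam ONE hotfix covering
CVE-2023-38547, CVE-2023-38548, CVE-2023-38549 and CVE-2023-41723.
Fixed builds come from the advisory; inventory lines are constructed."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Fixed builds per release line, taken from the advisory above.
FIXED_BUILDS: Dict[str, Version] = {
    "Veeam ONE 11": (11, 0, 0, 1379),
    "Veeam ONE 11a": (11, 0, 1, 1880),          # assumption: 11a == 11.0.1.x line
    "Veeam ONE 12 P20230314": (12, 0, 1, 2591),
}

# Constructed sample inventory (hypothetical hosts and build numbers).
INVENTORY = """\
# host,installed_build
one-mon-01,11.0.0.1300
one-mon-02,11.0.0.1379
one-rep-03,11.0.1.1800
one-rep-04,11.0.1.1880
one-lab-05,12.0.0.2000
one-lab-06,12.0.1.2591
one-old-07,10.0.3.1234
"""


def parse_version(text: str) -> Version:
    """Parse an 'a.b.c.d' build string; missing trailing parts become 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a build number: {text!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return nums[0], nums[1], nums[2], nums[3]


def governing_fix(installed: Version) -> Optional[Tuple[str, Version]]:
    """Pick the fixed build that governs this install.

    The release line is the (major, minor, update) prefix. Among fixes with
    the same major, take the one with the highest prefix at or below the
    installed prefix (11.0.0.x -> 11.0.0.1379, 11.0.1.x -> 11.0.1.1880). If
    the install sits below every fix line on that major (e.g. 12.0.0.x), the
    lowest fix on that major is the one it must reach. Majors the advisory
    does not list yield None.
    """
    same_major = [(n, b) for n, b in FIXED_BUILDS.items() if b[0] == installed[0]]
    if not same_major:
        return None
    at_or_below = [(n, b) for n, b in same_major if b[:3] <= installed[:3]]
    if at_or_below:
        return max(at_or_below, key=lambda nb: nb[1])
    return min(same_major, key=lambda nb: nb[1])


def assess(version_text: str) -> Dict[str, str]:
    """Return {'state': patched|needs-hotfix|not-listed, 'required': fix}."""
    installed = parse_version(version_text)
    fix = governing_fix(installed)
    if fix is None:
        return {"state": "not-listed", "required": ""}
    name, build = fix
    required = f"{name} ({'.'.join(map(str, build))})"
    state = "patched" if installed >= build else "needs-hotfix"
    return {"state": state, "required": required}


def triage(inventory: str) -> List[Tuple[str, str, str]]:
    """Assess every 'host,version' line; '#' lines and blanks are skipped."""
    rows: List[Tuple[str, str, str]] = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = (field.strip() for field in line.split(",", 1))
        result = assess(version)
        rows.append((host, result["state"], result["required"]))
    return rows


if __name__ == "__main__":
    for host, state, required in triage(INVENTORY):
        print(f"{host:<12} {state:<13} {required}")
```

Hosts reported as `needs-hotfix` are the ones to schedule for the stop-services, replace-files, restart procedure in the remediation section; `not-listed` only means the major version is outside the advisory's scope, not that it is safe.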