BugZero found this defect 344 days ago.
CVE-2023-38547
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Critical
CVSS v3.1 score: 9.9

CVE-2023-38548
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
Affected Version(s)*: Veeam ONE 12
Severity: Critical
CVSS v3.1 score: 9.8

CVE-2023-38549
A vulnerability in Veeam ONE allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role through the use of XSS.
Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.
Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Medium
CVSS v3.1 score: 4.5

CVE-2023-41723
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Medium
CVSS v3.1 score: 4.3

*Vulnerability testing was only performed using actively supported versions of Veeam ONE.
A hotfix to resolve these vulnerabilities is available for the following versions:
Veeam ONE 12 P20230314 (12.0.1.2591)
Veeam ONE 11a (11.0.1.1880)
Veeam ONE 11 (11.0.0.1379)
Check Veeam ONE Build Number
Before downloading the hotfix, check which version of Veeam ONE is installed using one of the methods below:
Check under Help > About in the Veeam ONE Client.
Check within Apps and Features or Programs and Features (Appwiz.cpl).
Run the following command on the Veeam ONE server:
As this is a hotfix, the build number of the software will not change. Validating that the hotfix has been deployed therefore requires computing the hash of each file present on the server and comparing it with the known hash of the corresponding file included in the hotfix; a single missing or mismatched file means the hotfix is not fully deployed. Click the version row to expand the list of files included with the hotfix and their known SHA1 hash values.
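The check described above, as an added example that is not part of the original advisory or Veeam's own tooling: a script that streams each file listed in an expected-hash table, computes its SHA1, and reports it as ok, mismatch, or missing, treating the hotfix as deployed only when every file is ok. The file names and hashes in the demo table are constructed for this example; in practice the table is filled from the SHA1 values published in the expanded version row and the script is pointed at the Veeam ONE installation directory.

```python
"""Verify a hotfix deployment by comparing SHA1 file hashes to a known list.

Added example, not Veeam's code. The expected-hash table built below is
CONSTRUCTED; real values come from the vendor's published hotfix file list.
"""
import hashlib
import tempfile
from pathlib import Path


def sha1_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Return the lowercase hex SHA1 of a file, streamed in chunks so large
    binaries are not read into memory at once."""
    digest = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_hotfix(install_dir: Path, expected: dict[str, str]) -> dict[str, str]:
    """Compare every entry of `expected` (relative path -> SHA1 hex) with disk.

    Returns relative path -> "ok" | "mismatch" | "missing". A "mismatch" is an
    old (unpatched) or modified file; "missing" means the hotfix file is absent.
    """
    results: dict[str, str] = {}
    for rel_path, known_hash in expected.items():
        target = install_dir / rel_path
        if not target.is_file():
            results[rel_path] = "missing"
        elif sha1_of_file(target) == known_hash.lower():
            results[rel_path] = "ok"
        else:
            results[rel_path] = "mismatch"
    return results


def hotfix_is_deployed(results: dict[str, str]) -> bool:
    """The hotfix counts as deployed only if every listed file matched."""
    return bool(results) and all(status == "ok" for status in results.values())


def build_demo_install_dir() -> tuple[Path, dict[str, str]]:
    """Create a throwaway directory with constructed files and an expected table.

    Hypothetical file names: one file carries the patched contents, one is
    still the old build, and one is absent from disk entirely.
    """
    root = Path(tempfile.mkdtemp(prefix="hotfix-demo-"))
    patched = root / "Example.Patched.dll"
    stale = root / "Example.Stale.dll"
    patched.write_bytes(b"constructed patched binary contents")
    stale.write_bytes(b"constructed OLD binary contents")
    expected = {
        # constructed: hash of what is actually on disk, so this one matches
        "Example.Patched.dll": sha1_of_file(patched),
        # constructed: hash of the NEW contents, while disk still holds the OLD
        "Example.Stale.dll": hashlib.sha1(b"constructed NEW binary contents").hexdigest(),
        # placeholder hash for a hotfix file that was never copied to disk
        "Example.Missing.dll": "0" * 40,
    }
    return root, expected


if __name__ == "__main__":
    demo_root, demo_expected = build_demo_install_dir()
    report = verify_hotfix(demo_root, demo_expected)
    for rel, status in report.items():
        print(f"{status:9s} {rel}")
    print("hotfix deployed" if hotfix_is_deployed(report) else "hotfix NOT fully deployed")
```

Hash comparison is case-insensitive on the expected side because published SHA1 lists are often uppercase, and the script refuses to report "deployed" for an empty table so that a misread file list cannot pass vacuously.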
The vulnerabilities associated with CVE-2023-38547, CVE-2023-38548, and CVE-2023-38549 were reported by Jarmo Puttonen (@putsi).