What is CVE-2020-15418?

CVE-2020-15418 is a high-severity vulnerability in Veeam One, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2020-07-28.

How severe is CVE-2020-15418?

High severity. CVSS v3 base score is 7.5 out of 10.

XXE in Veeam One

CVE-2020-15418

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSRS…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.094 (94.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Veeam One — versions 10.0.0.750_20200415

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

www.zerodayinitiative.com/advisories/ZDI-20-821/ (x_refsource_MISC)
www.veeam.com/kb3221 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15418?: CVE-2020-15418 is a high-severity vulnerability in Veeam One, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2020-07-28.
How severe is CVE-2020-15418?: High severity. CVSS v3 base score is 7.5 out of 10.