What is CVE-2023-38547?

CVE-2023-38547 is a critical-severity vulnerability in Veeam One. CVSS score: 9.9/10. Published 2023-11-07.

How severe is CVE-2023-38547?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Vulnerability in Veeam One

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam…

EPSS: 0.189 (96.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Veeam One — versions 11, 11a, 12

References

www.veeam.com/kb4508

Frequently asked questions

What is CVE-2023-38547?: CVE-2023-38547 is a critical-severity vulnerability in Veeam One. CVSS score: 9.9/10. Published 2023-11-07.
How severe is CVE-2023-38547?: Critical severity. CVSS v3 base score is 9.9 out of 10.