What is CVE-2023-38549?

CVE-2023-38549 is a medium-severity vulnerability in Veeam One. CVSS score: 4.5/10. Published 2023-11-07.

How severe is CVE-2023-38549?

Medium severity. CVSS v3 base score is 4.5 out of 10.

Vulnerability in Veeam One

CVE-2023-38549

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is…

EPSS: 0.191 (97.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N.

Affected products

Veeam One — versions 11, 11a, 12

References

www.veeam.com/kb4508

Frequently asked questions

What is CVE-2023-38549?: CVE-2023-38549 is a medium-severity vulnerability in Veeam One. CVSS score: 4.5/10. Published 2023-11-07.
How severe is CVE-2023-38549?: Medium severity. CVSS v3 base score is 4.5 out of 10.