Veeam One
12 CVEs affecting Veeam One. Latest disclosed: 2024-09-07. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-38547 | Critical | 9.9 | 2023-11-07 | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration data… |
CVE-2023-38548 | Critical | 9.8 | 2023-11-07 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by… |
CVE-2024-42024 | Critical | 9.1 | 2024-09-07 | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where… |
CVE-2024-42019 | Critical | 9.0 | 2024-09-07 | A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data c… |
CVE-2024-42023 | High | 7.8 | 2024-09-07 | An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. |
CVE-2024-42021 | High | 7.5 | 2024-09-07 | An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. |
CVE-2024-42022 | High | 7.5 | 2024-09-07 | An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. |
CVE-2020-15419 | High | 7.5 | 2020-07-28 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not… |
CVE-2020-15418 | High | 7.5 | 2020-07-28 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not… |
CVE-2024-42020 | High | 7.3 | 2024-09-07 | A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. |
CVE-2023-38549 | Medium | 4.5 | 2023-11-07 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by… |
CVE-2023-41723 | Medium | 4.3 | 2023-11-07 | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability i… |