CVE-2023-38548
published 2023-11-07CVE-2023-38548: A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by…
PriorityP430medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
11.81%
95.6th percentile
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | one | — | — |
| veeam | one | — | — |
| veeam | one | 12 – 12 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Veeam warns of critical Backup Enterprise Manager auth bypass bug
blogs_bleepingcomputer·2024-05-21·CVSS 7.5
[HIGH] Veeam warns of critical Backup Enterprise Manager auth bypass bug
## Veeam warns of critical Backup Enterprise Manager auth bypass bug
## Sergiu Gatlan
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM).
VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console. It helps control backup jobs and perform restoration operations across an organization's backup infrastructure and large-scale deployments.
It's important to note that VBEM isn't enabled by default, and not all environments are susceptible to attacks exploiting the CVE-2024-29849 vulnerability, which Veeam has rated with a CVSS base score of 9.8/10.
"This vulnerability in Veeam Backup Ent
Checkpoint
13th November – Threat Intelligence Report
blogs_checkpoint·2023-11-13
CVE-2023-38547 13th November – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 13th November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 13th November, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
US unit of China’s largest bank, the Industrial and Commercial Bank of China (ICBC), has suffered a ransomware attack that disrupted some of its financial services systems, reportedly affecting liquidity in US Treasuries. LockBit ransomware gang is reportedly behind the attack.
Check Point Threat Emulation and Harmony
2023-11-07
Published