CVE-2023-38549
published 2023-11-07

Priority: P3 (38, medium); CVSS 3.1 score: 5.4
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 19.13% (97.0th percentile)
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

Affected

7 ranges

Vendor | Product | Version range | Fixed in
veeam | one | |
veeam | one | |
veeam | one | |
veeam | one | |
veeam | one | 11 – 11 |
veeam | one | 11a – 11a |
veeam | one | 12 – 12 |

CVSS provenance

nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd | v3.0 | 4.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N