Patch/Configuration Management, Network Security

Veeam ONE vulnerabilities addressed

SecurityWeek reports that Veeam has released patches to remediate four security vulnerabilities impacting its Veeam ONE IT monitoring and analytics solution. The most severe of the addressed bugs is CVE-2023-38547, which could be leveraged by an unauthenticated user to obtain the SQL server connection details used for configuration database access, according to Veeam. "This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database," Veeam said. Meanwhile, another fixed critical flaw, tracked as CVE-2023-38548, could be exploited to enable the exfiltration of the Veeam ONE Reporting Service's NTLM hash. Fixes have also been provided for a medium-severity bug, tracked as CVE-2023-38549, which could be used to obtain Veeam ONE administrator access tokens, as well as for CVE-2023-41723, which could be exploited to enable access to the app's dashboard schedule. While there have been no reports of active exploitation, organizations have been urged to apply the issued fixes immediately.
