Latest Cyber Security News

You are here: Home / General Cyber Security News / Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
November 7, 2023

Veeam has launched security updates to tackle 4 flaws in its One IT checking and analytics system, two of which are rated critical in severity.

The list of vulnerabilities is as follows –

  • CVE-2023-38547 (CVSS rating: 9.9) – An unspecified flaw that can be leveraged by an unauthenticated consumer to obtain facts about the SQL server connection Veeam A single uses to entry its configuration databases, resulting in distant code execution on the SQL server.
  • CVE-2023-38548 (CVSS score: 9.8) – A flaw in Veeam A single that lets an unprivileged person with access to the Veeam One Web Consumer to obtain the NTLM hash of the account applied by the Veeam A person Reporting Service.
  • CVE-2023-38549 (CVSS rating: 4.5) – A cross-web page scripting (XSS) vulnerability that makes it possible for a person with the Veeam A single Power Person purpose to obtain the obtain token of a consumer with the Veeam A person Administrator part.
  • CVE-2023-41723 (CVSS score: 4.3) – A vulnerability in Veeam One particular that permits a person with the Veeam Just one Go through-Only Person function to view the Dashboard Timetable.

When CVE-2023-38547, CVE-2023-38548, and CVE-2023-41723 impression Veeam 1 versions 11, 11a, 12, CVE-2023-38548 impacts only Veeam A single 12. Fixes for the issues are out there in the beneath variations –

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


  • Veeam A person 11 (11…1379)
  • Veeam One particular 11a (11..1.1880)
  • Veeam A person 12 P20230314 (12..1.2591)

Over the previous couple of months, critical flaws in the Veeam backup software program have been exploited by several menace actors, which include FIN7 and BlackCat ransomware, to distribute malware.

Customers managing the influenced variations are encouraged to halt the Veeam One Checking and Reporting products and services, switch the present information with the information furnished in the hotfix, and restart the two solutions.

Found this post exciting? Follow us on Twitter  and LinkedIn to read through extra distinctive content we put up.


Some elements of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *