CVE-2023-38547
CRITICALVeeam ONE - Unauthenticated Exposure of SQL Server Connection Information
Title source: llmDescription
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://www.veeam.com/kb4508
Scores
CVSS v3
9.8
EPSS
0.1894
EPSS Percentile
96.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (4)
veeam/one
11.0.0.1379
veeam/one
11.0.1.1880
veeam/one
12.0.0.2498
veeam/one
12.0.1.2591
Published
Nov 07, 2023
Tracked Since
Feb 18, 2026