CVE-2023-38548

MEDIUM

Veeam ONE - Info Disclosure

Title source: llm

Description

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

References (1)

[Patch, Vendor Advisory] https://www.veeam.com/kb4508

Scores

CVSS v3 4.3

EPSS 0.0098

EPSS Percentile 76.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

veeam/one

Timeline

Published Nov 07, 2023

Tracked Since Feb 18, 2026