CVE-2023-38548
MEDIUMVeeam ONE - Unprotected Credential Exposure via Web Client
Title source: llmDescription
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://www.veeam.com/kb4508
Scores
CVSS v3
4.3
EPSS
0.1181
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-522
Status
published
Products (2)
veeam/one
12.0.0.2498
veeam/one
12.0.1.2591
Published
Nov 07, 2023
Tracked Since
Feb 18, 2026