CVE-2023-38547

Name of the Vulnerable Software and Affected Versions Veeam ONE (affected versions not specified)

Description A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote code execution on the SQL server hosting the Veeam ONE configuration database. The issue is related to insufficient protection of service data, which can be exploited by a remote attacker to execute arbitrary code on the SQL server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.