Putsi

**Name of the Vulnerable Software and Affected Versions** Veeam ONE (affected versions not specified) **Description** The issue is related to access control errors in the Veeam ONE web client, allowing an unprivileged user with access to the web client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. This could potentially lead to privilege escalation. There is also a mention of a possible information leak about the SQL server connection used by Veeam ONE, which may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Veeam ONE (affected versions not specified) **Description** A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote code execution on the SQL server hosting the Veeam ONE configuration database. The issue is related to insufficient protection of service data, which can be exploited by a remote attacker to execute arbitrary code on the SQL server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acronis Cloud Manager (Windows) versions before 6.2.23089.203 **Description** The issue is related to sensitive information disclosure due to unauthenticated path traversal and improper input validation. This allows a remote attacker to access confidential information. **Recommendations** For versions before 6.2.23089.203, update to a version 6.2.23089.203 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Acronis Cloud Manager (Windows) versions before 6.2.23089.203 **Description** The issue is related to remote command execution due to improper input validation. This allows a remote attacker to execute arbitrary commands. **Recommendations** For Acronis Cloud Manager (Windows) versions before 6.2.23089.203, update to a version after build 6.2.23089.203 to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Acronis Cloud Manager (Windows) versions before 6.2.23089.203 **Description** The issue is related to remote command execution due to improper input validation. This allows a remote attacker to execute arbitrary commands. **Recommendations** For Acronis Cloud Manager (Windows) versions before 6.2.23089.203, update to a version after build 6.2.23089.203 to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.