CVE-2023-38548

Name of the Vulnerable Software and Affected Versions Veeam ONE (affected versions not specified)

Description The issue is related to access control errors in the Veeam ONE web client, allowing an unprivileged user with access to the web client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. This could potentially lead to privilege escalation. There is also a mention of a possible information leak about the SQL server connection used by Veeam ONE, which may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.