PT-2023-6894 · Veeam · Veeam One
Jarmo Puttonen
+1
·
Published
2023-11-06
·
Updated
2024-02-07
·
CVE-2023-38547
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Veeam ONE (affected versions not specified)
Description
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote code execution on the SQL server hosting the Veeam ONE configuration database. The issue is related to insufficient protection of service data, which can be exploited by a remote attacker to execute arbitrary code on the SQL server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Veeam One