9.9

CVE-2023-38547

EPSS 10.76%
Veröffentlicht 07.11.2023 07:15:07
Zuletzt bearbeitet 06.03.2025 16:15:42
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Veeam ≫ One Version11.0.0.1379

Veeam ≫ One Version11.0.1.1880

Veeam ≫ One Version12.0.0.2498

Veeam ≫ One Version12.0.1.2591

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.76%	0.931

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
support@hackerone.com	9.9	3.1	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.veeam.com/kb4508

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38547

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38547

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38547

EUVD