CVE-2023-38547

critical

Veeam

CVSS v3 Base Score

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: November 7, 2023 (919 days ago)

Last Modified: March 6, 2025

Vendor: Veeam

Source: NVD

Description

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

References

🔗 www.veeam.com 🔗 www.veeam.com

CVE-2023-38547

Vulnerability Report

Description

References