CVE-2023-38549

medium

Veeam

CVSS v3 Base Score

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

None

Published: November 7, 2023 (919 days ago)

Last Modified: November 21, 2024

Vendor: Veeam

Source: NVD

Description

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

References

🔗 www.veeam.com 🔗 www.veeam.com

CVE-2023-38549

Vulnerability Report

Description

References