Veeam ONE RCE via SQL Server Connection Info Leak
CVE-2023-38547 Published on November 7, 2023
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-38547 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-38547
Affected Versions
Veeam One:
- Version 11, <= 11 is affected.
- Version 11a, <= 11a is affected.
- Version 12, <= 12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.