Unprivileged NTLM Hash Leak via Veeam ONE Web Client
CVE-2023-38549 Published on November 7, 2023

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

NVD

Products Associated with CVE-2023-38549

Want to know whenever a new CVE is published for Veeam One? stack.watch will email you.

Veeam One

Affected Versions

Veeam One:

Version 11, <= 11 is affected.
Version 11a, <= 11a is affected.
Version 12, <= 12 is affected.

Exploit Probability

EPSS

1.61%

Percentile

81.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Unprivileged NTLM Hash Leak via Veeam ONE Web ClientCVE-2023-38549 Published on November 7, 2023

Products Associated with CVE-2023-38549

Affected Versions

Exploit Probability

Unprivileged NTLM Hash Leak via Veeam ONE Web Client
CVE-2023-38549 Published on November 7, 2023