Veeam ONE Read-Only View Dashboard Schedule Info Disclosure
CVE-2023-41723 Published on November 7, 2023
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
Weakness Type
Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Products Associated with CVE-2023-41723
Want to know whenever a new CVE is published for Veeam One? stack.watch will email you.
Affected Versions
Veeam One:- Version 11, 11a, 12, <= 11, 11a, 12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.