CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38547
https://notcve.org/view.php?id=CVE-2023-38547
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. Una vulnerabilidad en Veeam ONE permite a un usuario no autenticado obtener información sobre la conexión del servidor SQL que Veeam ONE utiliza para acceder a su base de datos de configuración. Esto puede llevar a la ejecución remota de código en el servidor SQL que aloja la base de datos de configuración de Veeam ONE. • https://www.veeam.com/kb4508 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41723
https://notcve.org/view.php?id=CVE-2023-41723
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. Una vulnerabilidad en Veeam ONE permite a un usuario con el rol de Veeam ONE Read-Only User ver la Programación del Panel. Nota: La gravedad de esta vulnerabilidad se reduce porque el usuario con el rol de Read-Only solo puede ver la programación y no puede realizar cambios. • https://www.veeam.com/kb4508 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 3CVE-2023-27532 – Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
https://notcve.org/view.php?id=CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. • https://github.com/sfewer-r7/CVE-2023-27532 https://github.com/horizon3ai/CVE-2023-27532 https://github.com/puckiestyle/CVE-2023-27532-RCE-Only https://www.veeam.com/kb4424 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43549
https://notcve.org/view.php?id=CVE-2022-43549
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. La autenticación incorrecta en Veeam Backup para Google Cloud v1.0 y v3.0 permite a los atacantes eludir los mecanismos de autenticación. • https://www.veeam.com/kb4374 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32225
https://notcve.org/view.php?id=CVE-2022-32225
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. Se ha detectado una vulnerabilidad de tipo XSS basada en DOM reflejado en el directorio de ayuda de Veeam Management Pack for Microsoft System Center versión 8.0. Esta vulnerabilidad podría ser explotada por un atacante al convencer a un usuario legítimo de visitar una URL diseñada en un servidor de Veeam Management Pack for Microsoft System Center, permitiendo una ejecución de scripts arbitrarios • https://www.veeam.com/kb4338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •