// For flags

CVE-2020-15418

Veeam ONE SSRSReport GetCustomElementText XML External Entity Processing Information Disclosure Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSRSReport class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10709.

Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre las instalaciones afectadas de Veeam ONE versión 10.0.0.750_20200415. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro de la clase SSRSReport. Debido a la restricción inapropiada de las referencias XML External Entity (XXE), un documento especialmente diseñado que especifica un URI causa que el analizador XML acceda al URI e inserte el contenido nuevamente en el documento XML para su posterior procesamiento. Un atacante puede aprovechar esta vulnerabilidad para revelar el contenido del archivo en el contexto de SYSTEM. Fue ZDI-CAN-10709

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SSRSReport class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM.

*Credits: rgod
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-30 CVE Reserved
  • 2020-07-08 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Veeam
Search vendor "Veeam"
One Firmware
Search vendor "Veeam" for product "One Firmware"
< 9.5.4.4587
Search vendor "Veeam" for product "One Firmware" and version " < 9.5.4.4587"
-
Affected
in Veeam
Search vendor "Veeam"
One
Search vendor "Veeam" for product "One"
--
Safe
Veeam
Search vendor "Veeam"
One Firmware
Search vendor "Veeam" for product "One Firmware"
>= 10.0.0.0 < 10.0.0.750
Search vendor "Veeam" for product "One Firmware" and version " >= 10.0.0.0 < 10.0.0.750"
-
Affected
in Veeam
Search vendor "Veeam"
One
Search vendor "Veeam" for product "One"
--
Safe