Hotfixes for four recently found vulnerabilities in Veeam’s flagship IT monitoring and analytics tool—two of which are classified as critical—have been released by the data resiliency specialist. The company disclosed CVE-2023-38547, a CVSS 9.9-rated vulnerability in Veeam ONE 11, 11a, and 12 yesterday in a security update.
The flaw makes it possible for an unauthorized person to obtain details about the SQL server connection that Veeam ONE uses to access its configuration database. The company said, “This could result in remote code execution on the SQL server that houses the Veeam ONE configuration database.” With a CVSS score of 9.8, the second critical flaw (CVE-2023-38548) impacts Veeam ONE version 12.