Critical Veeam ONE Vulnerabilities Addressed

Rohan Timalsina

November 22, 2023 - TuxCare expert team

Veeam has released updates that fix four security vulnerabilities in Veeam ONE, its monitoring and analytics platform. Two of them are rated critical, so the fixes should be applied promptly to keep affected systems secure.

The two critical vulnerabilities carry near-maximum severity ratings (CVSS base scores of 9.9 and 9.8 out of 10). They could allow an attacker to execute code remotely and to steal NTLM hashes from vulnerable servers, a serious threat to the integrity of the affected hosts.

Veeam ONE Vulnerabilities Details

The first critical vulnerability, tracked as CVE-2023-38547 (CVSS 9.9), allows an unauthenticated user to obtain information about the SQL Server connection that Veeam ONE uses to reach its configuration database. That information could lead to remote code execution on the SQL Server host that stores the Veeam ONE configuration database.

The second critical vulnerability, CVE-2023-38548 (CVSS 9.8), lets an unprivileged user with access to the Veeam ONE Web Client obtain the NTLM hash of the account under which the Veeam ONE Reporting Service runs. A captured NTLM hash can be relayed to other services or cracked offline, so the exposure is not limited to Veeam ONE itself.

Veeam also fixed CVE-2023-38549, a cross-site scripting (XSS) flaw through which a user with the Power User role could steal the access token of a Veeam ONE administrator. Exploitation requires interaction from a user who holds the Veeam ONE Administrator role.

The fourth vulnerability, CVE-2023-41723, lets a user with the Read-Only User role view the Dashboard Schedule, though not modify it.

These vulnerabilities affect all actively supported Veeam ONE versions, including the latest release. Veeam has published hotfixes for the following builds:

  • Veeam ONE 12 P20230314 (12.0.1.2591)
  • Veeam ONE 11a (11.0.1.1880)
  • Veeam ONE 11 (11.0.0.1379)

To apply a hotfix, administrators stop the Veeam ONE monitoring and reporting services on the affected server, replace the existing files on disk with the files from the hotfix package, and then start the services again.
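As an added example (this is not Veeam's own hotfix script or documentation), the following PowerShell, run from an elevated prompt on the Veeam ONE server, performs those three steps with the checks a practitioner would want around them: it refuses hotfix binaries that are not validly signed, records the file versions it is about to replace, backs up the originals, restarts only the services it stopped, and confirms afterwards that every destination reports the hotfix version. The hotfix folder, the install path and the service display-name pattern are assumptions; adjust them to the host and to the file list in the Veeam KB for your version.

```powershell
#Requires -RunAsAdministrator
# Added example: applying a file-replacement hotfix to Veeam ONE.
# Assumptions (not from the article): the hotfix was extracted to $HotfixDir with
# the same folder layout as the install root, Veeam ONE lives under $InstallRoot,
# and the services to stop are those whose display name starts with "Veeam ONE".
param(
    [string]$HotfixDir      = 'C:\Temp\VeeamONE-Hotfix',
    [string]$InstallRoot    = 'C:\Program Files\Veeam\Veeam ONE',
    [string]$ServicePattern = 'Veeam ONE*'
)
$ErrorActionPreference = 'Stop'
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:ProgramData "VeeamONE-backup-$stamp"

# 1. Supply-chain check: every executable in the hotfix must carry a valid
#    Authenticode signature whose signer names Veeam, or the run aborts.
$hotfixFiles = Get-ChildItem -Path $HotfixDir -Recurse -File
foreach ($f in ($hotfixFiles | Where-Object { $_.Extension -in '.dll', '.exe' })) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Veeam') {
        throw "Refusing to install $($f.FullName): signature status $($sig.Status)"
    }
}

# 2. Map each hotfix file onto its destination and record what is there now.
$root = $HotfixDir.TrimEnd('\')
$plan = foreach ($f in $hotfixFiles) {
    $rel  = $f.FullName.Substring($root.Length + 1)
    $dest = Join-Path $InstallRoot $rel
    [pscustomobject]@{
        Source      = $f.FullName
        Destination = $dest
        OldVersion  = if (Test-Path $dest) { (Get-Item $dest).VersionInfo.FileVersion } else { $null }
        NewVersion  = $f.VersionInfo.FileVersion
    }
}
$plan | Format-Table -AutoSize

# 3. Stop the monitoring and reporting services, remembering which were running.
$services = Get-Service | Where-Object { $_.DisplayName -like $ServicePattern -and $_.Status -eq 'Running' }
$services | Stop-Service -Force

try {
    # 4. Back up each original under $backupDir, then copy the hotfix file over it.
    New-Item -ItemType Directory -Path $backupDir | Out-Null
    foreach ($p in $plan) {
        if (Test-Path $p.Destination) {
            $rel = $p.Destination.Substring($InstallRoot.Length).TrimStart('\')
            $bak = Join-Path $backupDir $rel
            New-Item -ItemType Directory -Path (Split-Path $bak) -Force | Out-Null
            Copy-Item -Path $p.Destination -Destination $bak
        }
        New-Item -ItemType Directory -Path (Split-Path $p.Destination) -Force | Out-Null
        Copy-Item -Path $p.Source -Destination $p.Destination -Force
    }
}
finally {
    # 5. Restart exactly the services that were stopped, even if a copy failed.
    $services | Start-Service
}

# 6. Confirm the replacement took: every destination now reports the hotfix version.
foreach ($p in $plan) {
    $now = (Get-Item $p.Destination).VersionInfo.FileVersion
    if ($p.NewVersion -and $now -ne $p.NewVersion) {
        Write-Warning "$($p.Destination) still reports $now (expected $($p.NewVersion))"
    }
}
Write-Host "Replaced files were backed up to $backupDir"
```

The backup folder is what you roll back from if the Veeam ONE services fail to start after the copy; the version table printed in step 2 doubles as the change record for the ticket.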

Conclusion

Veeam has a substantial user base: its software is used by more than 450,000 customers worldwide, including 82% of the Fortune 500 and 72% of the companies in the Global 2,000 ranking. Applying these updates promptly is the key step in protecting affected systems from these threats.

These Veeam ONE fixes follow Veeam's recent patch for a high-severity Backup Service vulnerability (CVE-2023-27532) in Veeam Backup & Replication. That flaw was exploited in attacks attributed to the financially motivated FIN7 threat group, which is known for its ties to several ransomware operations. Stay vigilant and prioritize applying these updates.

The sources for this article can be found on BleepingComputer.
