Veeam ONE [1] [2] [3] [4] [5] [6] [7] [8], an IT infrastructure monitoring and analytics platform [1] [2] [7], has released hotfixes to address vulnerabilities in its system [2] [5]. Two of these vulnerabilities are rated critical.

Description

Veeam has disclosed two critical vulnerabilities in Veeam ONE, CVE-2023-38547 and CVE-2023-38548 [1] [2] [3] [5] [6] [8], both rated 9.9 on the CVSS v3.1 scale [4]. CVE-2023-38547 allows an unauthenticated attacker to obtain information about the SQL server connection used by Veeam ONE [2] [5] [6] [7] [8], potentially leading to remote code execution on the SQL server hosting the Veeam ONE configuration database [4] [7]. This vulnerability has been fixed in Veeam ONE 12 P20230314 (12.0.1.2591). CVE-2023-38548 allows an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service [2] [3] [5] [7]. This vulnerability only affects Veeam ONE 12.

In addition to the critical vulnerabilities, Veeam has also addressed two medium-severity vulnerabilities in Veeam ONE [1]. CVE-2023-38549 allows an access token to be obtained, but requires interaction from a user holding the product’s administrator role [5]. CVE-2023-41723 allows a user with read-only access to view the Dashboard Schedule [5].

Conclusion

To ensure the security of their systems, users are advised to install the hotfixes provided by Veeam. These fixes address critical vulnerabilities that could lead to remote code execution and unauthorized access. By promptly applying the hotfixes, users can mitigate the risks associated with these vulnerabilities and protect their IT infrastructure.
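The advice above is to apply the hotfixes promptly, and the one fixed build this page names is Veeam ONE 12 P20230314 (12.0.1.2591) for CVE-2023-38547. The following is an added example, not code from Veeam or from any of the cited sources: it triages a constructed inventory of Veeam ONE build strings against that build. The hostnames and every build number other than 12.0.1.2591 are made-up sample values, and the script assumes the build string has already been collected from each server (for example from the console's About dialog); it does not query any host. A build at or above the fixed build is reported only as "confirm hotfix" rather than "patched", because a version number alone does not prove the hotfix files were installed, and 11.x installs are reported as out of scope because this page does not state a fixed build for that major version.

```python
"""Triage Veeam ONE build strings against the fixed build named in this advisory.

Added example, not Veeam's code. Only FIXED_BUILD_V12 comes from the advisory;
all hostnames and other build numbers below are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Fixed build stated in the advisory for Veeam ONE 12 (CVE-2023-38547).
FIXED_BUILD_V12 = "12.0.1.2591"

# Constructed inventory: (hostname, build string as reported by the install).
SAMPLE_INVENTORY = [
    ("vone-prod-01", "12.0.1.2591"),  # exactly the fixed build
    ("vone-prod-02", "12.0.0.2498"),  # hypothetical earlier 12.x build
    ("vone-lab-01", "12.0.1.2600"),   # hypothetical later 12.x build
    ("vone-legacy", "11.0.1.1880"),   # hypothetical 11.x build
    ("vone-bad", "12.0.1"),           # malformed: too few components
]


def parse_build(build: str) -> Tuple[int, ...]:
    """Turn '12.0.1.2591' into (12, 0, 1, 2591) so builds compare numerically.

    Raises ValueError for anything that is not four dot-separated integers,
    so a malformed inventory entry is surfaced instead of silently mis-ranked.
    """
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Veeam ONE build string: {build!r}")
    return tuple(int(p) for p in parts)


@dataclass
class Finding:
    host: str
    build: str
    status: str   # "below_fix_build", "confirm_hotfix", "other_major", "unparseable"
    detail: str


def assess(host: str, build: str) -> Finding:
    """Classify one install relative to the stated fixed build for Veeam ONE 12."""
    try:
        parsed = parse_build(build)
    except ValueError as exc:
        return Finding(host, build, "unparseable", str(exc))

    fixed = parse_build(FIXED_BUILD_V12)
    if parsed[0] != 12:
        # The advisory only names a fixed build for 12.x; do not guess for others.
        return Finding(host, build, "other_major",
                       "not a 12.x build; fixed build for this major version is not stated here, check KB4508")
    if parsed < fixed:
        return Finding(host, build, "below_fix_build",
                       f"below {FIXED_BUILD_V12}; CVE-2023-38547 fix not present, schedule the hotfix")
    # At or above the fixed build: the version alone does not prove the hotfix
    # files were installed, so ask for confirmation rather than declaring it patched.
    return Finding(host, build, "confirm_hotfix",
                   f"at or above {FIXED_BUILD_V12}; confirm the hotfix from KB4508 is installed")


def triage(inventory: List[Tuple[str, str]]) -> List[Finding]:
    """Assess every (host, build) pair and return the findings in inventory order."""
    return [assess(host, build) for host, build in inventory]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per status, which is what a patch report usually needs first."""
    counts: dict = {}
    for f in findings:
        counts[f.status] = counts.get(f.status, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_INVENTORY)
    for f in results:
        print(f"{f.host:14} {f.build:14} {f.status:16} {f.detail}")
    print(summarize(results))
```

Feeding the script a real inventory export in place of SAMPLE_INVENTORY gives a first cut of which servers still need attention; anything reported as confirm_hotfix or other_major still has to be checked against Veeam's KB4508 [4] rather than closed on the version number alone.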

References

[1] https://allinfosecnews.com/item/veeam-fixed-multiple-flaws-in-veeam-one-including-critical-issues-2023-11-07/
[2] https://sra.io/blog/critical-bugs-in-veeam-one-monitoring-platform/
[3] https://digital.nhs.uk/cyber-alerts/2023/cc-4405
[4] https://www.veeam.com/kb4508
[5] https://www.infosecurity-magazine.com/news/veeam-patches-two-critical-bugs/
[6] https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html
[7] https://vulnera.com/newswire/veeam-addresses-multiple-vulnerabilities-in-veeam-one-platform/
[8] https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-143