What is CVE-2023-38547?

CVE-2023-38547 is a vulnerability in Veeam ONE that allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote code execution on the SQL server.

What is the severity of CVE-2023-38547?

The severity of CVE-2023-38547 is critical, with a severity value of 9.9.

Which versions of Veeam ONE are affected by CVE-2023-38547?

Veeam ONE versions 11.0.0.1379, 11.0.1.1880, 12.0.0.2498, and 12.0.1.2591 are affected by CVE-2023-38547.

What can an unauthenticated user do with CVE-2023-38547?

An unauthenticated user can gain information about the SQL server connection and potentially execute remote code on the SQL server.

How can I fix the CVE-2023-38547 vulnerability?

To fix the CVE-2023-38547 vulnerability, update Veeam ONE to a version that is not affected by the vulnerability. Refer to the Veeam website for the necessary patches or updates.

Vulnerability/
CVE-2023-38547

critical

9.9

7/11/2023

2/8/2024

CVE-2023-38547

First published: Tue Nov 07 2023(Updated: )

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Veeam ONE	=11.0.0.1379
Veeam ONE	=11.0.1.1880
Veeam ONE	=12.0.0.2498
Veeam ONE	=12.0.1.2591

Remedy

https://www.veeam.com/kb4508

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-38547?
CVE-2023-38547 is a vulnerability in Veeam ONE that allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote code execution on the SQL server.
What is the severity of CVE-2023-38547?
The severity of CVE-2023-38547 is critical, with a severity value of 9.9.
Which versions of Veeam ONE are affected by CVE-2023-38547?
Veeam ONE versions 11.0.0.1379, 11.0.1.1880, 12.0.0.2498, and 12.0.1.2591 are affected by CVE-2023-38547.
What can an unauthenticated user do with CVE-2023-38547?
An unauthenticated user can gain information about the SQL server connection and potentially execute remote code on the SQL server.
How can I fix the CVE-2023-38547 vulnerability?
To fix the CVE-2023-38547 vulnerability, update Veeam ONE to a version that is not affected by the vulnerability. Refer to the Veeam website for the necessary patches or updates.

collector/nvd-api
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-29849
alias/CVE-2024-29850
alias/CVE-2024-29851
alias/CVE-2023-27532
alias/CVE-2023-38547
alias/CVE-2023-38548
agent/severity
agent/remedy
agent/author
agent/references
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/veeam
canonical/veeam one
version/veeam one/11.0.0.1379
version/veeam one/11.0.1.1880
version/veeam one/12.0.0.2498
version/veeam one/12.0.1.2591

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.