[ad_1]
Veeam has launched safety updates to handle 4 flaws in its ONE IT monitoring and analytics platform, two of that are rated important in severity.
The checklist of vulnerabilities is as follows –
- CVE-2023-38547 (CVSS rating: 9.9) – An unspecified flaw that may be leveraged by an unauthenticated person to realize details about the SQL server connection Veeam ONE makes use of to entry its configuration database, leading to distant code execution on the SQL server.
- CVE-2023-38548 (CVSS rating: 9.8) – A flaw in Veeam ONE that enables an unprivileged person with entry to the Veeam ONE Net Consumer to acquire the NTLM hash of the account utilized by the Veeam ONE Reporting Service.
- CVE-2023-38549 (CVSS rating: 4.5) – A cross-site scripting (XSS) vulnerability that enables a person with the Veeam ONE Energy Person position to acquire the entry token of a person with the Veeam ONE Administrator position.
- CVE-2023-41723 (CVSS rating: 4.3) – A vulnerability in Veeam ONE that allows a person with the Veeam ONE Learn-Solely Person position to view the Dashboard Schedule.
Whereas CVE-2023-38547, CVE-2023-38548, and CVE-2023-41723 affect Veeam ONE variations 11, 11a, 12, CVE-2023-38548 impacts solely Veeam ONE 12. Fixes for the problems can be found within the under variations –
- Veeam ONE 11 (11.0.0.1379)
- Veeam ONE 11a (11.0.1.1880)
- Veeam ONE 12 P20230314 (12.0.1.2591)
Over the previous few months, important flaws within the Veeam backup software program have been exploited by a number of menace actors, together with FIN7 and BlackCat ransomware, to distribute malware.
Customers working the affected variations are really useful to cease the Veeam ONE Monitoring and Reporting providers, substitute the present information with the information supplied within the hotfix, and restart the 2 providers.
[ad_2]
