Vulnerabilities > CVE-2024-42019 - Unspecified vulnerability in Veeam ONE

CVSS 8.0 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

veeam

NVD

Published: 2024-09-07

Updated: 2025-05-01

Summary

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

Vulnerable Configurations

Part	Description	Count
Application	Veeam Veeam ONE 6.0.0.520 Veeam ONE 6.5.0.676 Veeam ONE 6.5.0.686 Veeam ONE 7.0.0.876 Veeam ONE 7.0.0.919 Veeam ONE 7.0.0.949 Veeam ONE 8.0.0.1567 Veeam ONE 8.0.0.1569 Veeam ONE 8.0.0.1615 Veeam ONE 8.0.0.1669 Veeam ONE 9.0.0.2062 Veeam ONE 9.0.0.2088 Veeam ONE 9.5.0.3201 Veeam ONE 9.5.0.3254 Veeam ONE 9.5.0.3801 Veeam ONE 9.5.4.4566 Veeam ONE 9.5.4.4587 Veeam ONE 10.0.0.750 Veeam ONE 10.0.2.1094 Veeam ONE 11.0.0.1379 Veeam ONE 11.0.1.1880 Veeam ONE 12.0.0.2498 Veeam ONE 12.0.1.2591	23

References

https://www.veeam.com/kb4649