Vulnerabilities > Veeam > ONE

DATE CVE VULNERABILITY TITLE RISK
2024-09-07 CVE-2024-42020 Cross-site Scripting vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
network
low complexity
veeam CWE-79
5.4
2023-11-07 CVE-2023-38547 Unspecified vulnerability in Veeam ONE
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database.
network
low complexity
veeam
critical
9.8
2023-11-07 CVE-2023-38548 Unspecified vulnerability in Veeam ONE 12.0.0.2498/12.0.1.2591
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
network
low complexity
veeam
4.3
2023-11-07 CVE-2023-38549 Cross-site Scripting vulnerability in Veeam ONE
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
network
low complexity
veeam CWE-79
5.4
2023-11-07 CVE-2023-41723 Unspecified vulnerability in Veeam ONE
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
network
low complexity
veeam
4.3
2020-04-22 CVE-2020-10915 Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.
network
low complexity
veeam CWE-502
critical
9.8
2020-04-22 CVE-2020-10914 Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.
network
low complexity
veeam CWE-502
critical
9.8