Every CVE whose affected-product data names Veeam One, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-10914 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587…
CVE-2020-10915 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587…
CVE-2023-38547 — CVSS 9.8 (critical): A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access…
CVE-2024-42024 — CVSS 8.8 (high): A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution…
CVE-2024-42023 — CVSS 8.8 (high): An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
CVE-2024-42019 — CVSS 8.0 (high): A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user…
CVE-2024-42021 — CVSS 6.5 (medium): An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
CVE-2024-42020 — CVSS 5.4 (medium): A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
CVE-2023-38549 — CVSS 5.4 (medium): A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of…
CVE-2024-42022 — CVSS 5.3 (medium): An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
CVE-2023-41723 — CVSS 4.3 (medium): A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of…
CVE-2023-38548 — CVSS 4.3 (medium): A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of…