CVE-2023-38547

CRITICAL Year: 2023
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-200
View all →

Vulnerability Description

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Related Vulnerabilities

CVE-2015-7926

CRITICAL
CVSS:9.9(Critical)

eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.

CWE-2002015

CVE-2018-12892

CRITICAL
CVSS:9.9(Critical)

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious...

CWE-2002018

CVE-2024-38650

CRITICAL
CVSS:9.9(Critical)

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.

CWE-2002024

CVE-2008-0655

CRITICAL
CVSS:9.8(Critical)

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.

CWE-2002008

CVE-2010-3845

CRITICAL
CVSS:9.8(Critical)

libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.

CWE-2002010

CVE-2014-6437

CRITICAL
CVSS:9.8(Critical)

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.

CWE-2002014