CVE Daily
← All tags

Tag: Veeam ONE

All CVEs associated with "Veeam ONE". Page 1/1 • 12 CVEs.

About “Veeam ONE”

A curated feed of “Veeam ONE”-related CVEs appears below. We currently track 12 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.2 (all time), and 58% are rated High/Critical (all time). Top CWEs (all time): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-611 - Improper Restriction of XML External Entity Reference, CWE-502 - Deserialization of Untrusted Data.

In our taxonomy this topic maps to a LOW impact class. Backup and DR systems hold credentials and full data copies. Patch promptly, validate backup and restore paths, restrict admin access, and encrypt repositories. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: veeam-one

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
1313.0.2.6723Unavailable-
1212.3.0.4670
1111.0.1.1880 Expired
1010.0.2.1094 Expired
9.59.5.4.4587 Expired
9.09.0.0.2088Unavailable- Expired
8.08.0.0.1669Unavailable- Expired
7.07.0.0.949Unavailable- Expired
6.56.5.0.686Unavailable- Expired
6.06.0.0.520Unavailable- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Veeam ONE”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-09-07
High

CVE-2024-42024

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

CVSS: 8.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2023-11-07
Medium

CVE-2023-41723

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read…

CVSS: 4.3 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2023-38549

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note:…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-38548

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

CVSS: 4.3 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Critical

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execu…

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-07-28
High

CVE-2020-15419

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability.…

CVSS: 7.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2020-15418

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability.…

CVSS: 7.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2020-04-22
Critical

CVE-2020-10915

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Critical

CVE-2020-10914

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specifi…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2019-07-27
Medium

CVE-2019-14298

Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2019-14297

Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2019-05-06
High

CVE-2019-11569

Veeam ONE Reporter 9.5.0.3201 allows CSRF.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox