b2b-daily
Home | IT | Cyber Security

Veeam Software Patches Severe Security Vulnerabilities in Veeam ONE

Avatar photo
by Bairon McAdams
November 10, 2023
Image Credit: Other
Veeam Software Patches Severe Security Vulnerabilities in Veeam ONE
Table of Contents
  1. Overview of Veeam Software's Security Vulnerabilities
  2. First Critical Vulnerability - CVE-2023-38547
  3. Second Critical Vulnerability - CVE-2023-38548
  4. Medium Severity Vulnerability - CVE-2023-38549
  5. Fourth Vulnerability - CVE-2023-41723
  6. Rollout of Patches
  7. Importance of Immediate Patch Installation
  8. Background of Veeam Software
  9. Historical Attacks on Veeam's Backup Solutions

Veeam Software, a leading provider of backup and recovery solutions, has recently released urgent security patches to address four severe vulnerabilities in its Veeam ONE product. These vulnerabilities pose a significant risk to users, potentially allowing attackers to execute remote code, obtain hashed passwords, and compromise access tokens. It is crucial for administrators to download and install the patches as soon as possible to mitigate these vulnerabilities and safeguard their systems.

Overview of Veeam Software’s Security Vulnerabilities

Veeam Software has identified and documented four critical security flaws in Veeam ONE, which require immediate attention. The severity scores assigned to two of these vulnerabilities are particularly alarming, with a CVSS rating of 9.9 out of 10.

First Critical Vulnerability – CVE-2023-38547

The most severe vulnerability, classified as CVE-2023-38547, enables remote code execution. An attacker exploiting this flaw could gain unauthorized access to Veeam ONE systems and potentially execute arbitrary code. The repercussions of such an attack can be devastating, ranging from data breaches to system-wide compromises.

Second Critical Vulnerability – CVE-2023-38548

The second critical vulnerability, designated as CVE-2023-38548, allows attackers to obtain hashed passwords for the Veeam ONE Reporting Service. Hashed passwords, while not immediately usable, can still be cracked or used in subsequent attacks. This flaw raises concerns about unauthorized access to sensitive information and the potential for escalating the attack.

Medium Severity Vulnerability – CVE-2023-38549

In addition to the critical vulnerabilities, Veeam also addressed a medium-severity issue, marked as CVE-2023-38549. This vulnerability impacts users with “power user” privileges, as it can be exploited to obtain the access token of a Veeam ONE administrator. Access tokens serve as digital keys and could lead to unauthorized access and compromise of critical systems if obtained.

Fourth Vulnerability – CVE-2023-41723

Another flaw addressed by the patches is CVE-2023-41723. Although classified as less severe, this vulnerability prevented attackers with read-only access from viewing the application’s dashboard schedule. By rectifying this vulnerability, Veeam reinforces the importance of providing reliable and secure access control measures.

Rollout of Patches

Veeam Software responded swiftly to these vulnerabilities, issuing hotfixes for Veeam ONE versions 11, 12, and 13. These patches address the identified security flaws, providing users with enhanced protection against potential exploits. It is crucial for administrators to proactively download and install the provided patches to fortify their systems against attacks.

Importance of Immediate Patch Installation

The severity of these vulnerabilities necessitates urgent action from users. Delaying the installation of security patches could leave systems exposed to exploitation by malicious actors. Administrators must prioritize the installation of these patches to maintain the integrity and security of their Veeam ONE environments. By promptly installing the patches, users can significantly reduce the risk of compromise and protect their data from unauthorized access.

Background of Veeam Software

Veeam Software has established itself as a trusted provider of real-time monitoring, management reporting, and business documentation for backup products. Their solutions offer comprehensive backup and recovery capabilities, ensuring the protection and availability of critical data for organizations of all sizes. As a renowned player in the industry, Veeam takes security vulnerabilities seriously, actively addressing them to maintain the confidence and trust of their user base.

Historical Attacks on Veeam’s Backup Solutions

Over the years, attackers have targeted vulnerabilities in Veeam’s backup solutions, recognizing the potential to exploit these weaknesses. This underscores the importance of promptly addressing security flaws to stay one step ahead of cybercriminals. The proactive approach adopted by Veeam Software in releasing these patches demonstrates their commitment to continuously enhancing the security of their products and protecting their customers from potential threats.

The severity of the security vulnerabilities discovered in Veeam ONE cannot be underestimated. The quick response from Veeam Software in releasing hotfixes and patches for these critical flaws is commendable. Administrators must prioritize the installation of these security patches to prevent potential attacks and mitigate the risk of unauthorized access to their Veeam ONE environments. By staying vigilant and following best practices in system security, users can ensure the protection and availability of their critical data while maintaining a robust defense against evolving cyber threats.

Digital TransformationInformation Security

Explore more

AI Redefines the Data Engineer’s Strategic Role
January 30, 2026

A self-driving vehicle misinterprets a stop sign, a diagnostic AI misses a critical tumor marker, a financial model approves a fraudulent transaction—these catastrophic failures often trace back not to a flawed algorithm, but to the silent, foundational layer of data it was built upon. In this high-stakes environment, the role of the data engineer has been irrevocably transformed. Once a

Generative AI Data Architecture – Review
January 30, 2026

The monumental migration of generative AI from the controlled confines of innovation labs into the unpredictable environment of core business operations has exposed a critical vulnerability within the modern enterprise. This review will explore the evolution of the data architectures that support it, its key components, performance requirements, and the impact it has had on business operations. The purpose of

Is Data Science Still the Sexiest Job of the 21st Century?
January 30, 2026

More than a decade after it was famously anointed by Harvard Business Review, the role of the data scientist has transitioned from a novel, almost mythical profession into a mature and deeply integrated corporate function. The initial allure, rooted in rarity and the promise of taming vast, untamed datasets, has given way to a more pragmatic reality where value is

Trend Analysis: Digital Marketing Agencies
January 30, 2026

The escalating complexity of the modern digital ecosystem has transformed what was once a manageable in-house function into a specialized discipline, compelling businesses to seek external expertise not merely for tactical execution but for strategic survival and growth. In this environment, selecting a marketing partner is one of the most critical decisions a company can make. The right agency acts

AI Will Reshape Wealth Management for a New Generation
January 30, 2026

The financial landscape is undergoing a seismic shift, driven by a convergence of forces that are fundamentally altering the very definition of wealth and the nature of advice. A decade marked by rapid technological advancement, unprecedented economic cycles, and the dawn of the largest intergenerational wealth transfer in history has set the stage for a transformative era in US wealth