QID 378989
Date Published: 2023-12-05
QID 378989: Veeam ONE Multiple Vulnerabilities (KB4508)
Veeam ONE is a comprehensive solution developed by Veeam Software for managing virtual and data protection environments. Veeam ONE enables real-time monitoring, business documentation and management reporting for Veeam Backup and Replication, Veeam Backup for Microsoft 365, VMware vSphere, VMware Cloud Director and Microsoft Hyper-V.
Affected Version:
Veeam ONE versions 11, 11a and 12
Detection Logic (Authenticated):
This QID checks for Veeam ONE versions prior to Veeam ONE 12 P20230314 (12.0.1.2591), Veeam ONE 11a (11.0.1.1880) and Veeam ONE 11 (11.0.0.1379) via the uninstall key and flags the host as vulnerable.
For the builds where a hotfix is available, namely Veeam ONE 12 P20230314 (12.0.1.2591), Veeam ONE 11a (11.0.1.1880) and Veeam ONE 11 (11.0.0.1379), it reads the Veeam ONE uninstall key and additionally checks whether the hotfix is applied. The hotfix check compares the modified date of the files listed in the Hotfix deployment section of the Veeam ONE KB4508 advisory.
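The decision described above (version below the hotfix-eligible build: vulnerable; exactly that build: vulnerable unless the hotfix files carry the expected modified date; above it: not vulnerable) is reproduced here as an added PowerShell example. It is not Qualys's QID logic and not Veeam's code. It assumes the Veeam ONE uninstall entry has a DisplayName beginning with "Veeam ONE" and a parseable DisplayVersion; the hotfix file paths and the expected post-hotfix modified date are placeholders, since the page does not list them (they come from the Hotfix deployment section of KB4508).

```powershell
# Added example, not Qualys or Veeam code. Run on the Veeam ONE host.
# PLACEHOLDERS: replace with the file list and modified date from KB4508's Hotfix deployment section.
$HotfixFiles    = @('C:\PLACEHOLDER\Veeam\file-listed-in-KB4508.dll')
$HotfixFileDate = Get-Date '2023-11-01'   # constructed placeholder, not a date from the page

# Map an installed version to the hotfix-eligible build of its line (from the QID text).
function Get-VeeamOneHotfixBaseline {
    param([Parameter(Mandatory)][version]$Version)
    if ($Version.Major -eq 12) { return [version]'12.0.1.2591' }                                   # Veeam ONE 12 P20230314
    if ($Version.Major -eq 11 -and $Version.Minor -eq 0 -and $Version.Build -eq 1) { return [version]'11.0.1.1880' }  # Veeam ONE 11a
    if ($Version.Major -eq 11 -and $Version.Minor -eq 0 -and $Version.Build -eq 0) { return [version]'11.0.0.1379' }  # Veeam ONE 11
    return $null   # other lines are outside the scope of this QID
}

# Returns 'Vulnerable', 'NotVulnerable' or 'NotAssessed' for one installed version.
function Test-VeeamOneVulnerable {
    param(
        [Parameter(Mandatory)][version]$Version,
        [string[]]$Files = $HotfixFiles,
        [datetime]$ExpectedDate = $HotfixFileDate
    )
    $baseline = Get-VeeamOneHotfixBaseline -Version $Version
    if ($null -eq $baseline)     { return 'NotAssessed' }
    if ($Version -lt $baseline)  { return 'Vulnerable' }      # older than the hotfix-eligible build
    if ($Version -gt $baseline)  { return 'NotVulnerable' }   # newer build already contains the fix
    # Exactly the hotfix-eligible build: vulnerable unless every listed file shows the hotfix date.
    # Assumption: a file older than the expected date means the hotfix was not applied.
    foreach ($f in $Files) {
        if (-not (Test-Path -Path $f)) { return 'Vulnerable' }
        if ((Get-Item -Path $f).LastWriteTime -lt $ExpectedDate) { return 'Vulnerable' }
    }
    return 'NotVulnerable'
}

# Enumerate the uninstall key in both the 64-bit and 32-bit registry views.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$entries = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Veeam ONE*' -and $_.DisplayVersion }

if (-not $entries) {
    Write-Output 'No Veeam ONE uninstall entry found.'
}
foreach ($e in $entries) {
    try {
        $status = Test-VeeamOneVulnerable -Version ([version]$e.DisplayVersion)
    } catch {
        $status = 'NotAssessed'   # DisplayVersion not in a parseable form
    }
    Write-Output ('{0} {1}: {2}' -f $e.DisplayName, $e.DisplayVersion, $status)
}
```

The version comparison uses PowerShell's [version] type so that four-part build numbers compare numerically rather than as strings (for example 11.0.1.1880 sorts above 11.0.1.199). Versions 12.0.0.x fall under the Veeam ONE 12 line and are reported vulnerable because they are below 12.0.1.2591.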
Vulnerable versions of Veeam ONE are prone to one or all of the following vulnerabilities:
1. CVE-2023-38547: May allow an unauthenticated remote user to perform remote code execution on the SQL server hosting the Veeam ONE configuration database.
2. CVE-2023-38548: May allow an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
3. CVE-2023-38549: May allow a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role through the use of XSS.
4. CVE-2023-41723: May allow a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
Reference: Veeam ONE KB4508 (www.veeam.com/kb4508)
CVEs related to QID 378989
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Veeam ONE KB4508 | Veeam ONE | | www.veeam.com/kb4508 |