CVE-2023-41723

moderate-risk
Published 2023-11-07

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (4)

One
One
One
One

Affected Vendors

Veeam

References (2)

Patch https://www.veeam.com/kb4508
Patch https://www.veeam.com/kb4508
32
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 4/34 · Minimal
Exposure 10/34 · Low