
CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723

KB ID: 4508
Product: Veeam ONE | 11 | 12
Veeam Disaster Recovery Orchestrator | 5.0
Veeam Availability Orchestrator | 4.0
Veeam Recovery Orchestrator | 6.0
Published: 2023-11-06
Last Modified: 2024-01-10

Veeam ONE 12.1 is not affected by the vulnerabilities discussed on this page. 

Additionally, Veeam Recovery Orchestrator 7 is not affected by these vulnerabilities as it uses Veeam ONE 12.1.

Issue Details

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Critical
CVSS v3.1 score: 9.9

 

CVE-2023-38548

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

Affected Version(s)*: Veeam ONE 12
Severity: Critical
CVSS v3.1 score: 9.8

 

CVE-2023-38549

A vulnerability in Veeam ONE allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role through the use of XSS.
Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Medium
CVSS v3.1 score: 4.5

 

CVE-2023-41723

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.

Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Medium
CVSS v3.1 score: 4.3

 

*Vulnerability testing was only performed using actively supported versions of Veeam ONE.

Solution

A hotfix to resolve these vulnerabilities is available for the following versions:

  • Veeam ONE 12 P20230314 (12.0.1.2591)
  • Veeam ONE 11a (11.0.1.1880)
  • Veeam ONE 11 (11.0.0.1379)

Veeam ONE is a Component of Veeam Recovery Orchestrator

Veeam Recovery Orchestrator (formerly known as Veeam Disaster Recovery Orchestrator or Veeam Availability Orchestrator) utilizes an embedded deployment of Veeam ONE.

Customers using the following versions of Orchestrator should install the embedded Veeam ONE build's hotfix from this article.

  • Veeam Recovery Orchestrator 6 P20230419 uses Veeam ONE 12 P20230314 (build 12.0.1.2591)

    Note: Veeam Recovery Orchestrator 6 GA shipped with Veeam ONE 12.0.0.2498, which is not compatible with this hotfix. Check which version of Veeam ONE is installed; if 12.0.0.2498 is installed, update Veeam Recovery Orchestrator as documented in KB4437.
  • Veeam Disaster Recovery Orchestrator 5 uses Veeam ONE 11a (build 11.0.1.1880)
  • Veeam Availability Orchestrator 4 uses Veeam ONE 11 (build 11.0.0.1379)

 

Download Information

Check Veeam ONE Build Number

Before downloading the hotfix, check which version of Veeam ONE is installed using one of the methods below:

  • Check under Help > About in the Veeam ONE Client.
  • Check within Apps and Features or Programs and Features (Appwiz.cpl).
  • Run the following command on the Veeam ONE server:
Get-Package -name "Veeam ONE*"
Hotfix Must Match Installed Build

The hotfixes below were built for the specific Veeam ONE build numbers listed.

If a hotfix package intended for a specific build number is deployed on a Veeam ONE server that does not have that matching build installed, the Veeam ONE Reporting Service will fail to start.

Please review the steps in the deployment section and heed the advice to double-check which Veeam ONE build is installed before applying the hotfix.

Download Hotfix That Matches Installed Build Number

Hotfix for 12.0.1.2591

For Veeam ONE 12 P20230314 (build 12.0.1.2591)

MD5: 4BA7E812769F0C4FB98331E20B498C01
SHA1: 1604B837E25041D863B432A6C3D1EE12E640ED62
 
Attention: This hotfix is not compatible with Veeam ONE 12 GA (build 12.0.0.2498). If Veeam ONE 12.0.0.2498 is installed, it must be updated to 12.0.1.2591 before applying the hotfix. Applying the hotfix to 12.0.0.2498 will cause the Veeam ONE Reporting Service to fail to start.

Hotfix for 11.0.1.1880

For Veeam ONE 11a (build 11.0.1.1880)
 
MD5: 0DCDD67FE151FFC8242469B75AED3025
SHA1: 1AFB3B762BF46B76337A94D30066EA7F3AABBCB1

Hotfix for 11.0.0.1379

For Veeam ONE 11 (build 11.0.0.1379)
 
MD5: 93B87925C4AFB030DDA6388DF31E5984
SHA1: 74AD4B5A18A16276F74043F3098D6ED6132C97D0
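As an added example (not part of this article or of Veeam's tooling), the following PowerShell script performs the two checks above in one pass: it reads the installed Veeam ONE build from the MSI package database the same way the article's own check does, selects the published MD5 and SHA1 values for that build, and compares them with the hashes of the downloaded hotfix zip before anything is extracted or copied. The zip path is an assumption and must be adjusted; the hash table is the one published above.

```powershell
# Added example, not Veeam's code: verify that a downloaded KB4508 hotfix zip matches the
# installed Veeam ONE build before touching the server. The MD5/SHA1 values are the ones
# published in this article; the default zip path is an assumption (adjust to your download).
param(
    [string]$HotfixZip = "$env:USERPROFILE\Downloads\VeeamONE_Hotfix.zip"   # assumed path
)

# Published zip hashes, keyed by the Veeam ONE build each hotfix was built for.
$publishedZipHashes = @{
    '12.0.1.2591' = @{ MD5 = '4BA7E812769F0C4FB98331E20B498C01'; SHA1 = '1604B837E25041D863B432A6C3D1EE12E640ED62' }
    '11.0.1.1880' = @{ MD5 = '0DCDD67FE151FFC8242469B75AED3025'; SHA1 = '1AFB3B762BF46B76337A94D30066EA7F3AABBCB1' }
    '11.0.0.1379' = @{ MD5 = '93B87925C4AFB030DDA6388DF31E5984'; SHA1 = '74AD4B5A18A16276F74043F3098D6ED6132C97D0' }
}

# 1. Determine the installed build from the MSI package database (same source as the article's check).
$pkg = Get-Package -ProviderName msi -ErrorAction SilentlyContinue |
       Where-Object { $_.Name -eq 'Veeam ONE Reporter Server' }
if (-not $pkg) { throw 'Veeam ONE Reporter Server is not installed on this machine.' }
$build = [string]$pkg.Version
Write-Host "Installed Veeam ONE build: $build"

if ($build -eq '12.0.0.2498') {
    throw 'Build 12.0.0.2498 (Veeam ONE 12 GA) must be updated to 12.0.1.2591 before this hotfix can be applied.'
}
if (-not $publishedZipHashes.ContainsKey($build)) {
    throw "No KB4508 hotfix is published for build $build."
}

# 2. Hash the downloaded zip with both algorithms and compare against the published values.
#    PowerShell string comparison (-eq) is case-insensitive, so hash letter case does not matter.
if (-not (Test-Path -LiteralPath $HotfixZip)) { throw "Hotfix package not found: $HotfixZip" }
$expected   = $publishedZipHashes[$build]
$actualMd5  = (Get-FileHash -LiteralPath $HotfixZip -Algorithm MD5).Hash
$actualSha1 = (Get-FileHash -LiteralPath $HotfixZip -Algorithm SHA1).Hash

$md5Ok  = $actualMd5  -eq $expected.MD5
$sha1Ok = $actualSha1 -eq $expected.SHA1

[PSCustomObject]@{
    Build     = $build
    Package   = Split-Path -Leaf $HotfixZip
    MD5Match  = $md5Ok
    SHA1Match = $sha1Ok
} | Format-List

if (-not ($md5Ok -and $sha1Ok)) {
    throw "Hotfix package does not match the published hashes for build $build. Do not deploy it."
}
Write-Host "Hotfix package verified for build $build. Safe to extract and deploy." -ForegroundColor Green
```

Both checksums must match, since the article publishes only MD5 and SHA1 for the packages. Matching them confirms the download is the package Veeam published for that build and guards against deploying the hotfix for the wrong build (which, as noted above, leaves the Veeam ONE Reporting Service unable to start); it is an integrity check against this page, not a substitute for obtaining the package from Veeam's site.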

Deployment Information

  1. Verify the version of Veeam ONE installed using one of the methods below:
    • Check under Help > About in the Veeam ONE Client.
    • Check within Apps and Features or Programs and Features (Appwiz.cpl).
    • Run the following command on the Veeam ONE server:
Get-Package -name "Veeam ONE*"
    Note: If Veeam ONE 12.0.0.2498 is installed, it must be updated to 12.0.1.2591 before installing the hotfix.
  2. Download the hotfix package that matches the installed Veeam ONE build number.
  3. Stop the following services on the Veeam ONE server:
    • Veeam ONE Monitoring Service
    • Veeam ONE Reporting Service
  4. Replace the existing files with the files provided in the hotfix.
    Note: The contents of the hotfix zip match the folder structure of the Veeam ONE Reporter Server folder (default location: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\). Each hotfix file must be placed in the folder that matches its folder within the hotfix zip.

    • DLLs in the root of the hotfix zip go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\
      • Veeam.Reporter.GrpcService.dll
      • Veeam.Reporter.WebApiService.dll
      • Veeam.Reporter.PackInstaller.dll
      • Veeam.Reporter.GrpcShared.dll
        This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12 (CVE-2023-38548).
    • Files in the Collecting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Collecting\
      • Veeam.Retriever.exe
      • Veeam.Reporter.GrpcShared.dll
        This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12 (CVE-2023-38548).
    • Files in the Reporting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Reporting\
      • Veeam.Reporter.Reporting.exe
      • Veeam.Reporter.GrpcShared.dll
        This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12 (CVE-2023-38548).
  5. Start the services stopped in Step 3.
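The deployment steps above carried out by a single PowerShell script, as an added example that is not part of Veeam's article or tooling. It assumes the hotfix zip has already been checked against the published hashes and extracted to a folder passed as -HotfixDir, and that Veeam ONE is installed at the article's default path. The pre-flight layout check, the timestamped backup folder under ProgramData and the rollback on failure are this example's own additions; the service display names are the ones listed in Step 3. Run it in an elevated PowerShell session on the Veeam ONE server.

```powershell
# Added example (not Veeam's own tooling): apply the KB4508 hotfix files following the steps above.
# Assumptions: the hotfix zip has already been verified and extracted to -HotfixDir, and the
# install root is the article's default path. Backup/rollback handling is this example's addition.
param(
    [Parameter(Mandatory = $true)] [string]$HotfixDir,
    [string]$ReporterRoot = 'C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server'
)

$ErrorActionPreference = 'Stop'

# Service display names from Step 3 (Get-Service -DisplayName avoids guessing the short service names).
$serviceDisplayNames = 'Veeam ONE Monitoring Service', 'Veeam ONE Reporting Service'
$timestamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $env:ProgramData "KB4508-backup-$timestamp"   # assumed backup location

$hotfixRoot  = (Resolve-Path -LiteralPath $HotfixDir).Path.TrimEnd('\')
$hotfixFiles = Get-ChildItem -LiteralPath $hotfixRoot -Recurse -File |
    Where-Object { $_.Extension -in '.dll', '.exe' }
if (-not $hotfixFiles) { throw "No .dll/.exe files found under $hotfixRoot" }

# Pre-flight: the zip layout mirrors the Reporter Server folder, so every hotfix file must already
# exist at the same relative path. A missing target means wrong build or wrong extraction folder.
$plan = foreach ($f in $hotfixFiles) {
    $relative = $f.FullName.Substring($hotfixRoot.Length + 1)
    $target   = Join-Path $ReporterRoot $relative
    if (-not (Test-Path -LiteralPath $target)) {
        throw "Target file missing: $target. Check the installed build and the extraction folder."
    }
    [PSCustomObject]@{ Relative = $relative; Source = $f.FullName; Target = $target }
}

# Step 3: stop the services and wait until they are actually down before replacing their binaries.
$services = foreach ($name in $serviceDisplayNames) { Get-Service -DisplayName $name }
$services | Where-Object Status -ne 'Stopped' | Stop-Service
$services | ForEach-Object { $_.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2)) }

# Step 4: back up each original, copy the hotfix file over it, and confirm the copy by hash.
$applied = @()
try {
    foreach ($item in $plan) {
        $backupPath = Join-Path $backupDir $item.Relative
        New-Item -ItemType Directory -Path (Split-Path $backupPath -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $item.Target -Destination $backupPath -Force
        Copy-Item -LiteralPath $item.Source -Destination $item.Target -Force
        $applied += $item
        $want = (Get-FileHash -LiteralPath $item.Source -Algorithm SHA1).Hash
        $got  = (Get-FileHash -LiteralPath $item.Target -Algorithm SHA1).Hash
        if ($got -ne $want) { throw "Copy verification failed for $($item.Target)" }
        Write-Host "Replaced $($item.Relative)  SHA1=$got"
    }
} catch {
    # Roll back everything copied so far so the services restart on a consistent file set.
    Write-Warning "Hotfix deployment failed: $_  Restoring originals from $backupDir"
    foreach ($item in $applied) {
        Copy-Item -LiteralPath (Join-Path $backupDir $item.Relative) -Destination $item.Target -Force
    }
    throw
} finally {
    # Step 5: start the services again (this also runs on the rollback path).
    $services | Start-Service
}

Write-Host "Hotfix files deployed. Originals saved under $backupDir." -ForegroundColor Green
Write-Host "Run the validator script from this article to confirm the installed file hashes."
```

The script refuses to copy anything if the extracted zip contains a file that has no counterpart in the installation, which is the practical symptom of applying the wrong build's hotfix; if a copy fails part-way, the originals are restored from the backup before the services are started, so the server is never left running a half-applied hotfix.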

 

If you have any questions or require assistance, please create a Veeam Support case.

Deployment Validation

As this is a hotfix, the build number of the software will not change. As such, validating the hotfix has been deployed requires checking the hash value of the files present and comparing them to the known hash values of the files included in the hotfix.

The files included with each hotfix and their known SHA1 hash values are listed below. Paths are relative to the Veeam ONE Reporter Server folder.

Veeam ONE 12.0.1.2591
  Filename                                    SHA1 Hash
  \Collecting\Veeam.Reporter.GrpcShared.dll   AC5A2945728E8C60BCF4E879BCAC6B235F38B5B3
  \Collecting\Veeam.Retriever.exe             8FCA25B1CD81D89E3B0A977B8AF5255487610969
  \Reporting\Veeam.Reporter.GrpcShared.dll    827E1929916972E6ABA25DDA15F0CD5474EBBFB8
  \Reporting\Veeam.Reporter.Reporting.exe     D1EC3C8E25C654106481F7DF9281BB271461E7AD
  Veeam.Reporter.GrpcService.dll              269AFC1424BC58612AC97B08520473FEEF518D4A
  Veeam.Reporter.GrpcShared.dll               F0ADE6C781D673B9DB84F14AD0C2D0BE847873BD
  Veeam.Reporter.PackInstaller.dll            B02B20BB6E45E7E9DB2D68E8FDDAADF0ADA4BCF5
  Veeam.Reporter.WebApiService.dll            4406F2F4F6D7F07811946D2637DD8BB8322E91E0

Veeam ONE 11.0.1.1880
  Filename                                    SHA1 Hash
  \Collecting\Veeam.Retriever.exe             21D989ACF3AA191079D40FDAE06AE1B8AFBC9C8F
  \Reporting\Veeam.Reporter.Reporting.exe     7359FE86A6160EF1C0C9CA913E7216DA622D6F32
  Veeam.Reporter.GrpcService.dll              B6B4404D50817EB73927F211A570767D6A0D3DE0
  Veeam.Reporter.PackInstaller.dll            CEB6EFCCB4CCA079501BE7A6DA225F2126761044
  Veeam.Reporter.WebApiService.dll            28A7D7411EF41E939D1B8D6F669966EDB1C61B12

Veeam ONE 11.0.0.1379
  Filename                                    SHA1 Hash
  \Collecting\Veeam.Retriever.exe             AE9EE91C786D097F65B8CB26CCA253E1B4724C2C
  \Reporting\Veeam.Reporter.Reporting.exe     DDBE4199AA973CDD71A4F3A68B5B68CD109BFF1D
  Veeam.Reporter.GrpcService.dll              990A1BAB5C408DC2CB53B2637E4FABCBDB943E96
  Veeam.Reporter.PackInstaller.dll            717F85C39D2FAB41D720ABDDAB69B03C3AAD5ADD
  Veeam.Reporter.WebApiService.dll            1957C5C23C89348A9F0B9405CECC3C2985F858BB

Check Existing File's Hash

To check the hash value of an existing file, use the following PowerShell command with the correct path to the file being checked.

Get-FileHash -Path <file-path> -Algorithm SHA1

Example:

Get-FileHash -Path 'C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Veeam.Reporter.PackInstaller.dll' -Algorithm SHA1

Automated Hotfix Deployment Validator

The following script has been developed to provide customers a quick way to check which version of Veeam ONE is presently installed and whether the hotfix has been deployed.

# Display the installed Veeam ONE version
Write-Host "Checking for installed Veeam ONE...`n"
$veeamOnePackage = Get-Package -ProviderName msi | Where-Object { $_.Name -eq "Veeam ONE Reporter Server" }
if ($null -eq $veeamOnePackage) {
    Write-Host "Veeam ONE does not appear to be installed on this machine.`n" -ForegroundColor Red
    return
}
$installedVersion = [string]$veeamOnePackage.Version
Write-Host "The following Veeam ONE Build is installed: $installedVersion`n" -ForegroundColor Green

# Build 12.0.0.2498 (Veeam ONE 12 GA) cannot take this hotfix; it must be updated to 12.0.1.2591 first.
if ($installedVersion -eq "12.0.0.2498") {
    Write-Host "ERROR: Installed Veeam ONE build is 12.0.0.2498, update to build 12.0.1.2591 is required. See KB4430`n" -ForegroundColor Red
    return
}

# Define the Veeam ONE Reporter Server root folder. If the MSI metadata carries no source
# location, fall back to the default install path documented above.
$installLocation = $veeamOnePackage.Source
if ([string]::IsNullOrWhiteSpace($installLocation)) {
    $installLocation = "C:\Program Files\Veeam\Veeam ONE\"
}
$rootFolder = Join-Path -Path $installLocation -ChildPath "Veeam ONE Reporter Server\"

# Files to check, relative to the Reporter Server root folder
$fileList = @(
    "Veeam.Reporter.GrpcService.dll",
    "Veeam.Reporter.WebApiService.dll",
    "Veeam.Reporter.PackInstaller.dll",
    "Veeam.Reporter.GrpcShared.dll",
    "Collecting\Veeam.Retriever.exe",
    "Collecting\Veeam.Reporter.GrpcShared.dll",
    "Reporting\Veeam.Reporter.Reporting.exe",
    "Reporting\Veeam.Reporter.GrpcShared.dll"
)

# Known SHA1 hash values of the hotfixed files. Where three values are listed they belong to the
# 12.0.1.2591, 11.0.1.1880 and 11.0.0.1379 hotfixes respectively; Veeam.Reporter.GrpcShared.dll
# only ships in the 12.0.1.2591 hotfix.
$hashList = @{
    "Veeam.Reporter.GrpcService.dll" = @{
        "SHA1" = @("269AFC1424BC58612AC97B08520473FEEF518D4A", "B6B4404D50817EB73927F211A570767D6A0D3DE0", "990A1BAB5C408DC2CB53B2637E4FABCBDB943E96")
    }
    "Veeam.Reporter.WebApiService.dll" = @{
        "SHA1" = @("4406F2F4F6D7F07811946D2637DD8BB8322E91E0", "28A7D7411EF41E939D1B8D6F669966EDB1C61B12", "1957C5C23C89348A9F0B9405CECC3C2985F858BB")
    }
    "Veeam.Reporter.PackInstaller.dll" = @{
        "SHA1" = @("B02B20BB6E45E7E9DB2D68E8FDDAADF0ADA4BCF5", "CEB6EFCCB4CCA079501BE7A6DA225F2126761044", "717F85C39D2FAB41D720ABDDAB69B03C3AAD5ADD")
    }
    "Veeam.Reporter.GrpcShared.dll" = @{
        "SHA1" = @("F0ADE6C781D673B9DB84F14AD0C2D0BE847873BD")
    }
    "Collecting\Veeam.Retriever.exe" = @{
        "SHA1" = @("8FCA25B1CD81D89E3B0A977B8AF5255487610969", "21D989ACF3AA191079D40FDAE06AE1B8AFBC9C8F", "AE9EE91C786D097F65B8CB26CCA253E1B4724C2C")
    }
    "Collecting\Veeam.Reporter.GrpcShared.dll" = @{
        "SHA1" = @("AC5A2945728E8C60BCF4E879BCAC6B235F38B5B3")
    }
    "Reporting\Veeam.Reporter.Reporting.exe" = @{
        "SHA1" = @("D1EC3C8E25C654106481F7DF9281BB271461E7AD", "7359FE86A6160EF1C0C9CA913E7216DA622D6F32", "DDBE4199AA973CDD71A4F3A68B5B68CD109BFF1D")
    }
    "Reporting\Veeam.Reporter.GrpcShared.dll" = @{
        "SHA1" = @("827E1929916972E6ABA25DDA15F0CD5474EBBFB8")
    }
}

# Veeam.Reporter.GrpcShared.dll is only part of the 12.0.1.2591 hotfix. On the 11.x builds it is
# skipped based on the installed build (rather than on the file's version, which would error if
# the file is not present at all).
$checkGrpcShared = ($installedVersion -eq "12.0.1.2591")

# Check each file and collect a row for the result table
$tableData = foreach ($file in $fileList) {
    if (($file -like "*Veeam.Reporter.GrpcShared.dll") -and (-not $checkGrpcShared)) {
        continue
    }

    $filePath = Join-Path -Path $rootFolder -ChildPath $file
    $hashVerified = $false

    # Identify the file version and compare the on-disk SHA1 hash to the known hotfix hash values
    if (Test-Path $filePath) {
        $fileVersion = (Get-Item $filePath).VersionInfo.FileVersion
        $fileSHA1 = (Get-FileHash -Path $filePath -Algorithm SHA1).Hash
        $hashVerified = ($hashList[$file].SHA1 -contains $fileSHA1)
    } else {
        $fileVersion = "N/A"
    }

    [PSCustomObject]@{
        FileName = $file
        Version = $fileVersion
        "HotFix Installed" = $hashVerified
    }
}

# Display the table
$tableData | Format-Table -AutoSize

More Information

The vulnerabilities associated with CVE-2023-38547, CVE-2023-38548, and CVE-2023-38549 were reported by Jarmo Puttonen (@putsi).

 
