- Veeam Support Knowledge Base
- CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723
CVE-2023-38547 | CVE-2023-38548
CVE-2023-38549 | CVE-2023-41723
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Veeam ONE 12.1 is not affected by the vulnerabilities discussed on this page.
Additionally, Veeam Recovery Orchestrator 7 is not affected by these vulnerabilities as it uses Veeam ONE 12.1.
Issue Details
CVE-2023-38547
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Critical
CVSS v3.1: 9.9
CVE-2023-38548
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
Affected Version(s)*: Veeam ONE 12
Severity: Critical
CVSS v3.1 score: 9.8
CVE-2023-38549
A vulnerability in Veeam ONE allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role through the use of XSS.
Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.
Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Medium
CVSS v3.1 score: 4.5
CVE-2023-41723
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
Affected Version(s)*: Veeam ONE 11, 11a, 12
Severity: Medium
CVSS v3.1 score: 4.3
*Vulnerability testing was only performed using actively supported versions of Veeam ONE.
Solution
A hotfix to resolve these vulnerabilities is available for the following versions:
- Veeam ONE 12 P20230314 (12.0.1.2591)
- Veeam ONE 11a (11.0.1.1880)
- Veeam ONE 11 (11.0.0.1379)
Veeam Recovery Orchestrator (formerly known as Veeam Disaster Recovery Orchestrator or Veeam Availability Orchestrator) utilizes an embedded deployment of Veeam ONE.
Customers using the following versions of Orchestrator should install the embedded Veeam ONE build's hotfix from this article.
- Veeam Recovery Orchestrator 6 P20230419 uses Veeam ONE 12 P20230314 (build 12.0.1.2591)
Note: Veeam Recovery Orchestrator 6 GA shipped with Veeam ONE 12.0.0.2498, which is not compatible with this hotfix. Check which version of Veeam ONE is installed; if 12.0.0.2498 is installed, update Veeam Recovery Orchestrator as documented in KB4437. - Veeam Disaster Recovery Orchestrator 5 uses Veeam ONE 11a (build 11.0.1.1880)
- Veeam Availability Orchestrator 4 uses Veeam ONE 11 (build 11.0.0.1379)
Download Information
Check Veeam ONE Build Number
Before downloading the hotfix, check which version of Veeam ONE is installed using one of the methods below:
- Check under Help > About in the Veeam ONE Client.
- Check within Apps and Features or Programs and Features (Appwiz.cpl).
- Run the following command on the Veeam ONE server:
Get-Package -name "Veeam ONE*"The hotfixes below were built for the specific Veeam ONE build numbers listed.
If a hotfix package intended for a specific build number is deployed on a Veeam ONE server that does not have that matching build installed, the Veeam ONE Reporting Service will fail to start.
Please review the steps in the deployment section and heed the advice to double-check which Veeam ONE build is installed before applying the hotfix.
Download Hotfix That Matches Installed Build Number
4BA7E812769F0C4FB98331E20B498C01SHA1:
1604B837E25041D863B432A6C3D1EE12E640ED620DCDD67FE151FFC8242469B75AED3025SHA1:
1AFB3B762BF46B76337A94D30066EA7F3AABBCB193B87925C4AFB030DDA6388DF31E5984SHA1:
74AD4B5A18A16276F74043F3098D6ED6132C97D0Deployment Information
- Verify the version of Veeam ONE installed using one of the methods below:
- Check under Help > About in the Veeam ONE Client.
- Check within Apps and Features or Progams and Features (Appwiz.cpl).
- Run the following command on the Veeam ONE server:
Get-Package -name "Veeam ONE*"- Download the hotfix package that matches the installed Veeam ONE build number.
- Stop the following services on the Veeam ONE server:
- Veeam ONE Monitoring Service
- Veeam ONE Reporting Service
- Replace the existing files with the files provided in the hotfix.
Note: The contents of the hotfix zip match the folder structure of the Veeam ONE Reporter ServerDefault location:
C:\Program Files\Veeam\Veeam ONE\ folder. The hotfix files must be placed in the folders that match the folder within the hotfix zip.
- DLLs in the root of the hotfix zip go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\
- Veeam.Reporter.GrpcService.dll
- Veeam.Reporter.WebApiService.dll
- Veeam.Reporter.PackInstaller.dll
- Veeam.Reporter.GrpcShared.dll
This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
- Files in the Collecting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Collecting\
- Veeam.Retriever.exe
- Veeam.Reporter.GrpcShared.dll
This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
- Veeam.Retriever.exe
- Files in the Reporting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Reporting\
- Veeam.Reporter.Reporting.exe
- Veeam.Reporter.GrpcShared.dll
This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
- Veeam.Reporter.Reporting.exe
- DLLs in the root of the hotfix zip go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\
- Start the services stopped in Step 3.
If you have any questions or require assistance, please create a Veeam Support case.
Deployment Validation
As this is a hotfix, the build number of the software will not change. As such, validating the hotfix has been deployed requires checking the hash value of the files present and comparing them to the known hash values of the files included in the hotfix.
Click the version row to expand the list of files included with the hotfix and their known SHA1 hash values.
| Filename | SHA1 Hash |
| Veeam ONE 12.0.1.2591 | |
| \Collecting\Veeam.Reporter.GrpcShared.dll | AC5A2945728E8C60BCF4E879BCAC6B235F38B5B3 |
| \Collecting\Veeam.Retriever.exe | 8FCA25B1CD81D89E3B0A977B8AF5255487610969 |
| \Reporting\Veeam.Reporter.GrpcShared.dll | 827E1929916972E6ABA25DDA15F0CD5474EBBFB8 |
| \Reporting\Veeam.Reporter.Reporting.exe | D1EC3C8E25C654106481F7DF9281BB271461E7AD |
| Veeam.Reporter.GrpcService.dll | 269AFC1424BC58612AC97B08520473FEEF518D4A |
| Veeam.Reporter.GrpcShared.dll | F0ADE6C781D673B9DB84F14AD0C2D0BE847873BD |
| Veeam.Reporter.PackInstaller.dll | B02B20BB6E45E7E9DB2D68E8FDDAADF0ADA4BCF5 |
| Veeam.Reporter.WebApiService.dll | 4406F2F4F6D7F07811946D2637DD8BB8322E91E0 |
| Veeam ONE 11.0.1.1880 | |
| \Collecting\Veeam.Retriever.exe | 21D989ACF3AA191079D40FDAE06AE1B8AFBC9C8F |
| \Reporting\Veeam.Reporter.Reporting.exe | 7359FE86A6160EF1C0C9CA913E7216DA622D6F32 |
| Veeam.Reporter.GrpcService.dll | B6B4404D50817EB73927F211A570767D6A0D3DE0 |
| Veeam.Reporter.PackInstaller.dll | CEB6EFCCB4CCA079501BE7A6DA225F2126761044 |
| Veeam.Reporter.WebApiService.dll | 28A7D7411EF41E939D1B8D6F669966EDB1C61B12 |
| Veeam ONE 11.0.0.1379 | |
| \Collecting\Veeam.Retriever.exe | AE9EE91C786D097F65B8CB26CCA253E1B4724C2C |
| \Reporting\Veeam.Reporter.Reporting.exe | DDBE4199AA973CDD71A4F3A68B5B68CD109BFF1D |
| Veeam.Reporter.GrpcService.dll | 990A1BAB5C408DC2CB53B2637E4FABCBDB943E96 |
| Veeam.Reporter.PackInstaller.dll | 717F85C39D2FAB41D720ABDDAB69B03C3AAD5ADD |
| Veeam.Reporter.WebApiService.dll | 1957C5C23C89348A9F0B9405CECC3C2985F858BB |
Check Existing File's Hash
To check the hash value of an existing file, use the following PowerShell command with the correct path to the file being checked.
Get-FileHash -Path <file-path> -Algorithm SHA1Example:
Get-FileHash -Path 'C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Veeam.Reporter.PackInstaller.dll' -Algorithm SHA1
Automated Hotfix Deployment Validator
The following script has been developed to provide customers a quick way to check which version of Veeam ONE is presently installed and whether the hotfix has been deployed.
Click to expand and view PowerShell script.
#Display Installed Veeam ONE Version
Write-Host "Checking for installed Veeam ONE..."`n
$veeamOnePackage = Get-Package -ProviderName msi | Where-Object { $_.Name -eq "Veeam ONE Reporter Server" }
if ($null -eq $veeamOnePackage) {
Write-Host "Veeam ONE does not appear to be installed on this machine."`n -ForegroundColor Red
BREAK
} else {
$installedVersion = $veeamOnePackage.Version
Write-Host "The following Veeam ONE Build is installed: $installedVersion"`n -ForegroundColor Green
# If the installed version is 12.0.0.2498 and display an update message and terminate.
if ($installedVersion -eq "12.0.0.2498") {
Write-Host "ERROR: Installed Veeam ONE build is 12.0.0.2498, update to build 12.0.1.2591 is required. See KB4430"`n -ForegroundColor Red
BREAK
}
}
# Define Veeam ONE Reporter Server Root Folder
$installLocation = $veeamOnePackage.Source
$rootFolder = Join-Path -Path $installLocation -ChildPath "Veeam ONE Reporter Server\"
# List of files to check
$fileList = @(
"Veeam.Reporter.GrpcService.dll",
"Veeam.Reporter.WebApiService.dll",
"Veeam.Reporter.PackInstaller.dll",
"Veeam.Reporter.GrpcShared.dll",
"Collecting\Veeam.Retriever.exe",
"Collecting\Veeam.Reporter.GrpcShared.dll",
"Reporting\Veeam.Reporter.Reporting.exe",
"Reporting\Veeam.Reporter.GrpcShared.dll"
)
# Dictionary of known file hash values
$hashList = @{
"Veeam.Reporter.GrpcService.dll" = @{
"SHA1" = @("269AFC1424BC58612AC97B08520473FEEF518D4A", "B6B4404D50817EB73927F211A570767D6A0D3DE0", "990A1BAB5C408DC2CB53B2637E4FABCBDB943E96")
}
"Veeam.Reporter.WebApiService.dll" = @{
"SHA1" = @("4406F2F4F6D7F07811946D2637DD8BB8322E91E0", "28A7D7411EF41E939D1B8D6F669966EDB1C61B12", "1957C5C23C89348A9F0B9405CECC3C2985F858BB")
}
"Veeam.Reporter.PackInstaller.dll" = @{
"SHA1" = @("B02B20BB6E45E7E9DB2D68E8FDDAADF0ADA4BCF5", "CEB6EFCCB4CCA079501BE7A6DA225F2126761044", "717F85C39D2FAB41D720ABDDAB69B03C3AAD5ADD")
}
"Veeam.Reporter.GrpcShared.dll" = @{
"SHA1" = @("F0ADE6C781D673B9DB84F14AD0C2D0BE847873BD")
}
"Collecting\Veeam.Retriever.exe" = @{
"SHA1" = @("8FCA25B1CD81D89E3B0A977B8AF5255487610969", "21D989ACF3AA191079D40FDAE06AE1B8AFBC9C8F", "AE9EE91C786D097F65B8CB26CCA253E1B4724C2C")
}
"Collecting\Veeam.Reporter.GrpcShared.dll" = @{
"SHA1" = @("AC5A2945728E8C60BCF4E879BCAC6B235F38B5B3")
}
"Reporting\Veeam.Reporter.Reporting.exe" = @{
"SHA1" = @("D1EC3C8E25C654106481F7DF9281BB271461E7AD", "7359FE86A6160EF1C0C9CA913E7216DA622D6F32", "DDBE4199AA973CDD71A4F3A68B5B68CD109BFF1D")
}
"Reporting\Veeam.Reporter.GrpcShared.dll" = @{
"SHA1" = @("827E1929916972E6ABA25DDA15F0CD5474EBBFB8")
}
}
# Creat array to store table data
$tableData = @()
# Check files and collect data for the table
foreach ($file in $fileList) {
# Skip checking Veeam.Reporter.GrpcShared.dll for builds 11.0.1.1880 or 11.0.0.1379 as that file was only relevant to 12.0.1.2591.
if ($file -like "*Veeam.Reporter.GrpcShared.dll") {
$fileVersion = (Get-Item (Join-Path -Path $rootFolder -ChildPath $file)).VersionInfo.FileVersion
if ($fileVersion -eq "11.0.0.1379" -or $fileVersion -eq "11.0.1.1880") {
continue
}
}
$filePath = Join-Path -Path $rootFolder -ChildPath $file
$fileDetails = $hashList[$file]
# identify file version and determine SHA1 hash
if (Test-Path $filePath) {
$fileVersion = (Get-Item $filePath).VersionInfo.FileVersion
$fileSHA1 = Get-FileHash -Path $filePath -Algorithm SHA1 | Select-Object -ExpandProperty Hash
$hashVerified = $false
# compare file on disk hash to known hotfix hash values
foreach ($hash in $fileDetails.SHA1) {
if ($fileSHA1 -eq $hash) {
$hashVerified = $true
break
}
}
} else {
$fileVersion = "N/A"
$hashVerified = $false
}
# Create an object for each file and add it to the table data array
$fileData = [PSCustomObject]@{
FileName = $file
Version = $fileVersion
"HotFix Installed" = $hashVerified
}
$tableData += $fileData
}
# Display the table
$tableData | Format-Table -AutoSize
More Information
The vulnerabilities associated with CVE-2023-38547, CVE-2023-38548, and CVE-2023-38549 were reported by Jarmo Puttonen(@putsi).
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.