Veeam warns of critical bugs in Veeam ONE monitoring platform

Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings to the critical security flaws since they let attackers gain remote code execution and steal NTLM hashes from vulnerable servers. The remaining two are medium-severity bugs that require user interaction or have limited impact. "A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database," an advisory published today says about the bug tracked as CVE-2023-38547. "A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service," the company says when describing the second critical vulnerability patched today. Veeam also fixed a security flaw tracked as CVE-2023-38549 that could let attackers with Power User roles steal the access token of an admin in a Cross-Site Scripting attack, which requires user interaction from someone with the Veeam ONE Administrator role. CVE-2023-41723, the fourth vulnerability addressed today, can be exploited by malicious actors with the Read-Only User role to access the Dashboard Schedule. Admins must stop the Veeam ONE monitoring and reporting services on impacted servers, replace the files on the disk with the files in the hotfix, and restart the services to deploy the hotfixes. In March, Veeam also fixed a high-severity Backup Service vulnerability in the Backup & Replication software that can be used to breach backup infrastructure hosts. This flaw was later targeted in attacks linked to the financially motivated FIN7 threat group, known for its connections with multiple ransomware operations, including the Conti syndicate, REvil, Maze, Egregor, and BlackBasta. Months later, the Cuba ransomware gang exploited the bug to target critical infrastructure organizations in the United States and IT firms in Latin America. Veeam says its software is used by more than 450,000 customers globally, encompassing 82% of Fortune 500 companies and 72% of those listed in the Global 2,000 annual ranking. TellYouThePass ransomware joins Apache ActiveMQ RCE attacks. New Microsoft Exchange zero-days allow RCE, data theft attacks. 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online. HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks. F5 fixes BIG-IP auth bypass allowing remote code execution attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Veeam warns of critical bugs in Veeam ONE monitoring platform

Veeam warns of critical bugs in Veeam ONE monitoring platform - Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings to the critical security flaws ...
1 year ago Bleepingcomputer.com CVE-2023-38547 CVE-2023-38549 CVE-2023-41723 FIN7 Cuba
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
Veeam RCE bug lets domain users hack backup servers, patch now - Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. Ransomware gangs have told BleepingComputer in the past that Veeam ...
3 weeks ago Bleepingcomputer.com CVE-2025-23120
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
1 week ago Cybersecuritynews.com
Comprehensive Cloud Monitoring Platforms: Ensuring - Platforms for comprehensive cloud monitoring come into play in this situation. In this article, we will explore the significance of comprehensive cloud monitoring platforms and delve into some leading solutions available in the market today. ...
1 year ago Feeds.dzone.com
Veeam Data Platform 23H2 update enhances resilience against ransomware - 1 release as well as Veeam ONE v12.1 and Veeam Recovery Orchestrator v7. This latest release from Veeam, with a focus on radical resilience, includes hundreds of new features and enhancements designed to not only protect enterprises' most critical ...
1 year ago Helpnetsecurity.com
10 Best Event Monitoring Tools in 2025 - What Could Be Better?Offers alerting and notification options that can be changed based on conditions already set.Offers a lot of ways to keep track of different IT components, services, and applications.Nagios can send out too many alerts and make ...
1 month ago Cybersecuritynews.com
Windows 11 update breaks Veeam recovery, causes connection errors - ​As a temporary workaround, while Microsoft and Veeam are currently investigating this known issue and looking for a fix, users impacted by this issue are advised to recover their computer or data using Veeam Recovery Media generated from a ...
2 weeks ago Bleepingcomputer.com
10 Best Systems Management Tools & Software - 2025 - Op5 Monitor is an advanced network monitoring solution designed for IT infrastructure management, ensuring high availability and performance across networks, servers, and applications. What is Good ?What Could Be Better?Most cost-effective, scalable, ...
1 month ago Cybersecuritynews.com
Windows 11 24H2 Update Breaks Connection to the Veeam Backup Server - For organizations planning recovery operations with Veeam in a Windows 11 environment, creating recovery media on computers running Windows 11 builds earlier than 26100.3194 is advisable until a permanent solution is available. Veeam advises ...
2 weeks ago Cybersecuritynews.com
Veeam RCE Vulnerability Let Any Domain User Hack the Backup Servers - A remote code execution (RCE) vulnerability in Veeam Backup & Replication could allow any domain user to compromise backup servers with SYSTEM-level privileges. The findings, assigned CVE-2025-23120, affect Veeam Backup & Replication ...
3 weeks ago Cybersecuritynews.com CVE-2025-23120
Monitoring Your Files for Security and Compliance | Tripwire - This may seem like a heck of a statement, but when you are monitoring against a cryptographic value or other attributes (including content), even the slightest deviation is a valid change & that change is detected and processed according to local ...
6 months ago Tripwire.com
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
1 year ago Darkreading.com CVE-2024-20674 CVE-2024-20700 CVE-2024-21307 CVE-2024-21318 CVE-2023-21310 CVE-2023-36036 CVE-2024-20653 CVE-2024-20698 CVE-2024-20683 CVE-2024-20686
Critical Veeam Backup & Replication Vulnerability Allows Malicious Remote Code Execution - Veeam Backup & Replication, with its large deployment footprint across enterprise environments, represents a significant target for cybercriminals, particularly ransomware operators seeking to disable recovery options before launching attacks. As ...
3 weeks ago Cybersecuritynews.com
CVE-2022-36407 - Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual ...
1 year ago
Addressing Bias in Insider Risk Monitoring - Enterprises often take similar steps to protect data from internal and outside threats, where teams analyze activities to identify potential risks. Security operations centers defending against these threats must look at employees, partners, and ...
1 year ago Cyberdefensemagazine.com
Addressing Bias in Insider Risk Monitoring - Enterprises often take similar steps to protect data from internal and outside threats, where teams analyze activities to identify potential risks. Security operations centers defending against these threats must look at employees, partners, and ...
1 year ago Cyberdefensemagazine.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
10 months ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 CVE-2023-3519
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
1 week ago Cybersecuritynews.com
CVE-2023-38549 - A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as ...
7 months ago
Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update - In what's sure to be a refreshing break for IT and security teams, Microsoft's monthly security update for December 2023 contained fewer vulnerabilities for them to address than in recent months. The update included fixes for a total of 36 ...
1 year ago Darkreading.com CVE-2023-35618 CVE-2023-35641 CVE-2023-35630 CVE-2023-35636 CVE-2023-36696
WALLIX One helps mitigate risks associated with theft and identity compromise - WALLIX extends its suite of identity and digital access management software via its SaaS platform, WALLIX One. This platform includes essential services designated to safeguard the digital operations of companies. With WALLIX One, employees, external ...
1 year ago Helpnetsecurity.com
Trulioo Launches Global Identity Platform for Person and Business Verification - Identity verification firm Trulioo on Tuesday launched a new global identity platform for Person and Business verification. Trulioo so far sold multiple identity products, each operating in their own silos. Their products and services range from ...
2 years ago Csoonline.com
Omdia: Standalone Security Products Outsell Cybersecurity Platforms - In its many briefings with cybersecurity vendors, one of the most consistent themes Omdia hears is why enterprises need cybersecurity platforms. Instead, vendors claim, enterprises could get better outcomes if they give up their multitude of ...
1 year ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)