Article Details
Scrape Timestamp (UTC): 2023-11-07 05:11:18.515
Source: https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html
Original Article Text
Click to Toggle View
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now. Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - While CVE-2023-38547, CVE-2023-38548, and CVE-2023-41723 impact Veeam ONE versions 11, 11a, 12, CVE-2023-38548 affects only Veeam ONE 12. Fixes for the issues are available in the below versions - Over the past few months, critical flaws in the Veeam backup software have been exploited by multiple threat actors, including FIN7 and BlackCat ransomware, to distribute malware. Users running the affected versions are recommended to stop the Veeam ONE Monitoring and Reporting services, replace the existing files with the files provided in the hotfix, and restart the two services.
Daily Brief Summary
Veeam has rolled out security updates to tackle four weaknesses found in its ONE IT monitoring and analytics platform, with two being seen as critical.
The vulnerabilities affect versions 11, 11a, and 12 of Veeam ONE, but CVE-2023-38548 is specific to version 12.
Over the past few months, threat groups such as FIN7 and BlackCat ransomware have leveraged significant flaws in Veeam's backup software to deliver malware.
To prevent potential exploitation, users with affected versions of Veeam ONE are advised to halt the Monitoring and Reporting services, replace current files with those provided in the hotfix, and then restart these services.