Byte Open Security

(ByteOS Network)

One

Source: CNA
CNA CVEs: 12
ADP CVEs: 0
CISA CVEs: 0
NVD CVEs: 0

12 vulnerabilities found

CVE-2024-42021
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.23%
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-28 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOneone
CWE ID-CWE-284
Improper Access Control
CVE-2024-42023
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.02%
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-28 Apr, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOneone
CWE ID-CWE-284
Improper Access Control
CVE-2024-42024
Assigner-HackerOne
CVSS Score-9.1||CRITICAL
EPSS-0.60% / 68.40%
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-28 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOneone
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-42022
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.30%
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-28 Apr, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOneone
CWE ID-CWE-284
Improper Access Control
CVE-2024-42020
Assigner-HackerOne
CVSS Score-7.3||HIGH
EPSS-0.20% / 42.37%
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-27 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOne
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-42019
Assigner-HackerOne
CVSS Score-9||CRITICAL
EPSS-0.18% / 40.19%
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-01 May, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOneone
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38548
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 75.87%
7 Day CHG~0.00%
Published-07 Nov, 2023 | 06:17
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOne
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-38549
Assigner-HackerOne
CVSS Score-4.5||MEDIUM
EPSS-1.61% / 81.04%
7 Day CHG~0.00%
Published-07 Nov, 2023 | 06:17
Updated-04 Sep, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOne
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-38547
Assigner-HackerOne
CVSS Score-9.9||CRITICAL
EPSS-10.76% / 93.06%
7 Day CHG~0.00%
Published-07 Nov, 2023 | 06:17
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOne
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-41723
Assigner-HackerOne
CVSS Score-4.3||MEDIUM
EPSS-1.87% / 82.34%
7 Day CHG~0.00%
Published-07 Nov, 2023 | 06:17
Updated-29 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-oneOne
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-4003
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.6||HIGH
EPSS-0.10% / 28.50%
7 Day CHG~0.00%
Published-27 Sep, 2023 | 12:11
Updated-23 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.

Action-Not Available
Vendor-oneidentityOne
Product-password_manager One
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2013-10001
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 48.44%
7 Day CHG~0.00%
Published-17 May, 2022 | 07:30
Updated-15 Apr, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTC One/Sense Mail Client certificate validation

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-htcHTC
Product-sensemailsdk_apione_svone_xOneSense
CWE ID-CWE-295
Improper Certificate Validation