Vulnerability CVE-2023-27532 in a Veeam Backup & Replication
BatuCloud Hosting Provider
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
CVSS v3 score: 7.5
The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.
This vulnerability is resolved in the following Veeam Backup & Replication build numbers:
12 (build 184.108.40.2060 P20230223)
11a (build 220.127.116.111 P20230227)
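To check whether hosts outside the backup infrastructure have been connecting to the Veeam.Backup.Service.exe port, the following added example (not part of the original advisory and not Veeam tooling) scans a Windows Firewall log for inbound TCP 9401 connections from unexpected sources. It assumes firewall logging is enabled on the backup server; the allowlisted subnet and the sample log lines are constructed for illustration.

```python
import ipaddress

VBR_PORT = "9401"  # default port of Veeam.Backup.Service.exe per the advisory

# Constructed sample in Windows Firewall log (pfirewall.log) format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-10 10:15:02 ALLOW TCP 10.0.5.20 10.0.5.10 50122 9401 0 - 0 0 0 - - - RECEIVE
2023-03-10 10:15:09 ALLOW TCP 10.0.9.77 10.0.5.10 61544 9401 0 - 0 0 0 - - - RECEIVE
2023-03-10 10:15:30 DROP TCP 192.168.40.3 10.0.5.10 40211 9401 0 - 0 0 0 - - - RECEIVE
2023-03-10 10:16:01 ALLOW TCP 10.0.9.77 10.0.5.10 61550 443 0 - 0 0 0 - - - RECEIVE
2023-03-10 10:16:05 ALLOW TCP 10.0.5.10 10.0.5.21 50999 9401 0 - 0 0 0 - - - SEND
"""

# Assumed allowlist: networks that legitimately talk to the backup server.
ALLOWED = [ipaddress.ip_network("10.0.5.0/24")]

def unexpected_clients(log_text, allowed=ALLOWED, port=VBR_PORT):
    """Return (timestamp, src_ip, action) for inbound TCP to `port` from sources
    outside `allowed`. ALLOW reached the service; DROP was a blocked attempt."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("protocol") != "TCP" or row.get("dst-port") != port:
            continue
        if row.get("path") != "RECEIVE":  # only inbound traffic is of interest
            continue
        try:
            src = ipaddress.ip_address(row["src-ip"])
        except (KeyError, ValueError):
            continue  # skip malformed lines rather than abort the scan
        if not any(src in net for net in allowed):
            hits.append((f'{row["date"]} {row["time"]}', str(src), row["action"]))
    return hits

if __name__ == "__main__":
    for ts, src, action in unexpected_clients(SAMPLE_LOG):
        print(f"{ts} {src} -> tcp/{VBR_PORT} {action}")
```

An ALLOW hit from a non-allowlisted source on an unpatched build means the credential request path was reachable from that host, so the stored credentials should be treated as exposed and rotated.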