All versions of the Backup & Replication software are affected by the high-severity vulnerability in the Backup Service that Veeam fixed. This vulnerability is identified as CVE-2023-27532 (CVSS v3 score: 7.5). In order to gain access to the credentials kept in the VeeamVBR configuration database and use them to access backup infrastructure hosts, an unauthenticated attacker can take advantage of the vulnerability.
The configuration database of the Veeam Backup & Replication component contains encrypted passwords that can be obtained thanks to vulnerability CVE-2023-27532. The hosts of the backup infrastructure may then be accessed as a result. explains the company’s advisory, which is published.