CVE-2023-27532

Summary

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Affected Software

VendorProductVersion RangeStatus
n/aVeeam Backup & ReplicationFixed Versions: v12 (build 12.0.0.1420 P20230223)affected
n/aVeeam Backup & Replication11a (build 11.0.1.1261 P20230227)affected

Weaknesses

  • CWE-306: Missing Authentication for Critical Function (CWE-306)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References