Veeam has recently disclosed a vulnerability which allows unauthenticated access to cleartext credentials. A bad actor would only require network access to exploit this vulnerability and it has been assigned a CVSS score of 7.5 HIGH. Versions before 12.0.0.1420 P20230223 and 11.0.1.1261 P20230227 are vulnerable. Leaked credentials are especially concerning in this case because they are stored by the service to allow access to a multitude of connected components and devices to facilitate backups and replication. Vulnerable instances should be upgraded to the latest version and additionally firewall rules blocking access to port 9401 on systems running the backup service can be implemented if needed.