Skip to main content

Recovery Orchestrator

3 CVEs product

Monthly

CVE-2024-29855 CRITICAL Act Now

Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Recovery Orchestrator
NVD
CVSS 3.0
9.0
EPSS
21.6%
CVE-2024-22022 HIGH This Week

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Recovery Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22021 MEDIUM This Month

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Availability Orchestrator Disaster Recovery Orchestrator Recovery Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.4%
EPSS 22% CVSS 9.0
CRITICAL Act Now

Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Recovery Orchestrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Recovery Orchestrator
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Availability Orchestrator Disaster Recovery Orchestrator +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy