VYPR

Recovery Orchestrator

by Veeam

CVEs (3)

  • CVE-2024-29855Jun 11, 2024
    risk 0.02cvss epss 0.22

    Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator

  • CVE-2024-22022Feb 7, 2024
    risk 0.00cvss epss 0.01

    Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

  • CVE-2024-22021Feb 7, 2024
    risk 0.00cvss epss 0.00

    Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.