Recovery Orchestrator
by Veeam
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29855 | 0.02 | — | 0.22 | Jun 11, 2024 | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | |||
| CVE-2024-22022 | 0.00 | — | 0.01 | Feb 7, 2024 | Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | |||
| CVE-2024-22021 | 0.00 | — | 0.00 | Feb 7, 2024 | Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. |
- CVE-2024-29855Jun 11, 2024risk 0.02cvss —epss 0.22
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
- CVE-2024-22022Feb 7, 2024risk 0.00cvss —epss 0.01
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
- CVE-2024-22021Feb 7, 2024risk 0.00cvss —epss 0.00
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.