cbcvebase.
CVE-2024-22021
published 2024-02-07

CVE-2024-22021: Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the…

PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.40%
31.8th percentile
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

Affected

6 ranges
VendorProductVersion rangeFixed in
veeamavailability_orchestrator
veeamavailability_orchestrator>= 4 < 44
veeamdisaster_recovery_orchestrator
veeamdisaster_recovery_orchestrator>= 5 < 55
veeamrecovery_orchestrator
veeamrecovery_orchestrator>= 6 < 66

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.