Veeam Recovery Orchestrator vulnerabilities
3 known vulnerabilities affecting veeam/recovery_orchestrator.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2024-29855 | P2 | CRITICAL | CVSS 9.0 | fixed in 7.0.0.379 | ≥ 7.1, < 7.1.0.230 | +2 more | 2024-06-11
CWE-798: Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
Source: nvd
CVE-2024-22022 | P3 | HIGH | CVSS 8.8 | fixed in 7.0 | ≥ 6, < 6 | +1 more | 2024-02-07
CWE-200: Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
Source: nvd
CVE-2024-22021 | P4 | MEDIUM | CVSS 4.3 | v6.0 | ≥ 6, < 6 | 2024-02-07
CWE-285: Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
Source: nvd