Veeam: >> Recovery Orchestrator Security Vulnerabilities
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVSS Score
9.0
EPSS Score
0.154
Published
2024-06-11
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-02-07
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-02-07