CVE-2024-22021

Summary

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

Affected Software

VendorProductVersion RangeStatus
VeeamRecovery Orchestrator6 < 6affected
VeeamDisaster Recovery Orchestrator5 < 5affected
VeeamAvailability Orchestrator4 < 4affected
VeeamRecovery Orchestrator7 < 7unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References