CVE-2024-22021
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Veeam | Recovery Orchestrator | 6 < 6 | affected |
| Veeam | Disaster Recovery Orchestrator | 5 < 5 | affected |
| Veeam | Availability Orchestrator | 4 < 4 | affected |
| Veeam | Recovery Orchestrator | 7 < 7 | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.