CVE-2024-22022

Summary

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

Affected Software

VendorProductVersion RangeStatus
VeeamRecovery Orchestrator6 < 6affected
VeeamRecovery Orchestrator5 < 5affected
VeeamRecovery Orchestrator7 < 7unaffected
VeeamAvailability Orchestrator4 < 4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References