Lucene search
HackeroneCVELIST:CVE-2024-22021HistoryFeb 07, 2024 - 12:53 a.m.
CVE-2024-22021
2024-02-0700:53:30
hackerone
www.cve.org
3
vulnerability
veeam recovery orchestrator
user
privileged
retrieve
plans
assigned scope
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6
Confidence
High
EPSS
0
Percentile
14.0%
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
CNA Affected
[
{
"vendor": "Veeam",
"product": "Recovery Orchestrator ",
"versions": [
{
"version": "6",
"status": "affected",
"lessThan": "6",
"versionType": "semver"
}
]
},
{
"vendor": "Veeam",
"product": "Disaster Recovery Orchestrator",
"versions": [
{
"version": "5",
"status": "affected",
"lessThan": "5",
"versionType": "semver"
}
]
},
{
"vendor": "Veeam",
"product": "Availability Orchestrator",
"versions": [
{
"version": "4",
"status": "affected",
"lessThan": "4",
"versionType": "semver"
}
]
},
{
"vendor": "Veeam",
"product": "Recovery Orchestrator",
"versions": [
{
"version": "7",
"status": "unaffected",
"lessThan": "7",
"versionType": "semver"
}
]
}
]References
Related
vulnrichment
vulnrichment
CVE-2024-22021
2024-02-07 00:53:30
prion
prion
Code injection
2024-02-07 01:15:00
cve
cve
CVE-2024-22021
2024-02-07 01:15:08
nvd
nvd
CVE-2024-22021
2024-02-07 01:15:08
veeam
veeam
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6
Confidence
High
EPSS
0
Percentile
14.0%
Related for CVELIST:CVE-2024-22021