Lucene search
HistoryFeb 07, 2024 - 1:15 a.m.
CVE-2024-22021
vulnerability
veeam recovery orchestrator
user role
plan retrieval
scope
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
5.1
Confidence
High
EPSS
0
Percentile
14.0%
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
Affected configurations
Node
veeamavailability_orchestratorMatch4.0
ORveeamdisaster_recovery_orchestratorMatch5.0
ORveeamrecovery_orchestratorMatch6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veeam | availability_orchestrator | 4.0 | cpe:2.3:a:veeam:availability_orchestrator:4.0:*:*:*:*:*:*:* |
| veeam | disaster_recovery_orchestrator | 5.0 | cpe:2.3:a:veeam:disaster_recovery_orchestrator:5.0:*:*:*:*:*:*:* |
| veeam | recovery_orchestrator | 6.0 | cpe:2.3:a:veeam:recovery_orchestrator:6.0:*:*:*:*:*:*:* |
References
Related
vulnrichment
vulnrichment
CVE-2024-22021
2024-02-07 00:53:30
prion
prion
Code injection
2024-02-07 01:15:00
cvelist
cvelist
CVE-2024-22021
2024-02-07 00:53:30
cve
cve
CVE-2024-22021
2024-02-07 01:15:08
veeam
veeam
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
5.1
Confidence
High
EPSS
0
Percentile
14.0%
Related for NVD:CVE-2024-22021