CVE-2024-22021

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
References
Link Resource
https://veeam.com/kb4541 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:veeam:availability_orchestrator:4.0:*:*:*:*:*:*:*
cpe:2.3:a:veeam:disaster_recovery_orchestrator:5.0:*:*:*:*:*:*:*
cpe:2.3:a:veeam:recovery_orchestrator:6.0:*:*:*:*:*:*:*

History

29 Feb 2024, 01:44

Type Values Removed Values Added
Summary (en) Vulnerability?CVE-2024-22021 allows?a?Veeam Recovery Orchestrator user with a low?privileged?role (Plan?Author)?to retrieve?plans?from?a?Scope other than the one they are assigned to. (en) Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

14 Feb 2024, 21:09

Type Values Removed Values Added
References () https://veeam.com/kb4541 - () https://veeam.com/kb4541 - Vendor Advisory
CPE cpe:2.3:a:veeam:availability_orchestrator:4.0:*:*:*:*:*:*:*
cpe:2.3:a:veeam:recovery_orchestrator:6.0:*:*:*:*:*:*:*
cpe:2.3:a:veeam:disaster_recovery_orchestrator:5.0:*:*:*:*:*:*:*
First Time Veeam recovery Orchestrator
Veeam availability Orchestrator
Veeam disaster Recovery Orchestrator
Veeam
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 4.3
CWE NVD-CWE-noinfo

07 Feb 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad CVE-2024-22021 permite a un usuario de Veeam Recovery Orchestrator con un rol de privilegios bajos (Autor del plan) recuperar planes de un ámbito distinto al que están asignados.
Summary (en) Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. (en) Vulnerability?CVE-2024-22021 allows?a?Veeam Recovery Orchestrator user with a low?privileged?role (Plan?Author)?to retrieve?plans?from?a?Scope other than the one they are assigned to.

07 Feb 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 01:15

Updated : 2024-02-29 01:44


NVD link : CVE-2024-22021

Mitre link : CVE-2024-22021

CVE.ORG link : CVE-2024-22021


JSON object : View

Products Affected

veeam

  • disaster_recovery_orchestrator
  • availability_orchestrator
  • recovery_orchestrator