CVE-2024-22022

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
References
Link Resource
https://veeam.com/kb4541 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:veeam:recovery_orchestrator:*:*:*:*:*:*:*:*

History

15 Feb 2024, 18:45

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Veeam recovery Orchestrator
Veeam
References () https://veeam.com/kb4541 - () https://veeam.com/kb4541 - Vendor Advisory
CPE cpe:2.3:a:veeam:recovery_orchestrator:*:*:*:*:*:*:*:*

07 Feb 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad CVE-2024-22022 permite a un usuario de Veeam Recovery Orchestrator al que se le ha asignado un rol con pocos privilegios acceder al hash NTLM de la cuenta de servicio utilizada por Veeam Orchestrator Server Service.

07 Feb 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 01:15

Updated : 2024-02-15 18:45


NVD link : CVE-2024-22022

Mitre link : CVE-2024-22022

CVE.ORG link : CVE-2024-22022


JSON object : View

Products Affected

veeam

  • recovery_orchestrator