CVE-2024-22022

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://veeam.com/kb4541	Vendor Advisory
https://veeam.com/kb4541	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:veeam:recovery_orchestrator:*:*:*:*:*:*:*:*

History

03 Jun 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-200

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://veeam.com/kb4541 - Vendor Advisory~~	() https://veeam.com/kb4541 - Vendor Advisory

15 Feb 2024, 18:45

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Veeam recovery Orchestrator Veeam
References	~~() https://veeam.com/kb4541 -~~	() https://veeam.com/kb4541 - Vendor Advisory
CPE		cpe:2.3:a:veeam:recovery_orchestrator::::::::

07 Feb 2024, 13:41

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad CVE-2024-22022 permite a un usuario de Veeam Recovery Orchestrator al que se le ha asignado un rol con pocos privilegios acceder al hash NTLM de la cuenta de servicio utilizada por Veeam Orchestrator Server Service.

07 Feb 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-07 01:15

Updated : 2025-06-03 19:15

NVD link : CVE-2024-22022

Mitre link : CVE-2024-22022

CVE.ORG link : CVE-2024-22022

JSON object : View

Products Affected

veeam

recovery_orchestrator

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-22022", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-07T01:15:08.487", "references": [{"url": "https://veeam.com/kb4541", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://veeam.com/kb4541", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service."}, {"lang": "es", "value": "La vulnerabilidad CVE-2024-22022 permite a un usuario de Veeam Recovery Orchestrator al que se le ha asignado un rol con pocos privilegios acceder al hash NTLM de la cuenta de servicio utilizada por Veeam Orchestrator Server Service."}], "lastModified": "2025-06-03T19:15:37.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veeam:recovery_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD02D9A8-0F48-428A-8FDC-2CD86F1E163C", "versionEndExcluding": "7.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}