CVE Vulnerabilities

CVE-2024-22021

Published: Feb 07, 2024 | Modified: Feb 29, 2024
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

Affected Software

Name Vendor Start Version End Version
Availability_orchestrator Veeam 4.0 4.0
Disaster_recovery_orchestrator Veeam 5.0 5.0
Recovery_orchestrator Veeam 6.0 6.0

References