Recovery Orchestrator

recovery_orchestrator

Vendor: Veeam • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-29855 1Veeam 1Recovery Orchestrator Jul 14, 2025 Jun 11, 2024 N/A· v4 9.0 CRITICAL· v3 N/A· v2 Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVE-2024-22022 1Veeam 1Recovery Orchestrator Jun 3, 2025 Feb 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
CVE-2024-22021 1Veeam 3Availability Orchestrator Disaster Recovery OrchestratorRecovery Orchestrator Jun 5, 2025 Feb 7, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.