Vulnerabilities > CVE-2024-22022 - Unspecified vulnerability in Veeam Recovery Orchestrator 5.0/6.0

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
veeam

Summary

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

Vulnerable Configurations

Part Description Count
Application
Veeam
3