Описание
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:veeam:availability_orchestrator:4.0:*:*:*:*:*:*:*
cpe:2.3:a:veeam:disaster_recovery_orchestrator:5.0:*:*:*:*:*:*:*
cpe:2.3:a:veeam:recovery_orchestrator:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00334
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-285
Связанные уязвимости
CVSS3: 6.5
github
около 2 лет назад
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
EPSS
Процентиль: 56%
0.00334
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-285