CVE-2024-29855 – Veeam Recovery Orchestrator Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-29855
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator El secreto JWT codificado permite omitir la autenticación en Veeam Recovery Orchestrator • https://github.com/sinsinology/CVE-2024-29855 https://www.veeam.com/kb4585 •
CVE-2024-22022
https://notcve.org/view.php?id=CVE-2024-22022
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. La vulnerabilidad CVE-2024-22022 permite a un usuario de Veeam Recovery Orchestrator al que se le ha asignado un rol con pocos privilegios acceder al hash NTLM de la cuenta de servicio utilizada por Veeam Orchestrator Server Service. • https://veeam.com/kb4541 •
CVE-2024-22021
https://notcve.org/view.php?id=CVE-2024-22021
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. La vulnerabilidad CVE-2024-22021 permite a un usuario de Veeam Recovery Orchestrator con un rol de privilegios bajos (Autor del plan) recuperar planes de un ámbito distinto al que están asignados. • https://veeam.com/kb4541 •