// For flags

CVE-2024-29855

Veeam Recovery Orchestrator Authentication Bypass

Severity Score

9.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator

El secreto JWT codificado permite omitir la autenticación en Veeam Recovery Orchestrator

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-03-21 CVE Reserved
  • 2024-06-11 CVE Published
  • 2024-06-11 EPSS Updated
  • 2024-06-17 First Exploit
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Veeam
Search vendor "Veeam"
Recovery Orchestrator
Search vendor "Veeam" for product "Recovery Orchestrator"
7.1.0.230
Search vendor "Veeam" for product "Recovery Orchestrator" and version "7.1.0.230"
en
Affected
Veeam
Search vendor "Veeam"
Recovery Orchestrator
Search vendor "Veeam" for product "Recovery Orchestrator"
7.0.0.379
Search vendor "Veeam" for product "Recovery Orchestrator" and version "7.0.0.379"
en
Affected