cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-29855,https://securityvulnerability.io/vulnerability/CVE-2024-29855,Veeam Recovery Orchestrator Authentication Bypass Vulnerability,"The Veeam Recovery Orchestrator Authentication Bypass Vulnerability (CVE-2024-29855) allows unauthenticated attackers to log in to the Veeam Recovery Orchestrator web UI with administrative privileges due to a hardcoded JSON Web Token (JWT) secret. A proof-of-concept (PoC) exploit for the vulnerability has been released by a security researcher, making it easier to exploit than initially suggested. The vulnerability impacts Veeam Recovery Orchestrator (VRO) versions 7.0.0.337 and 7.1.0.205 and older. It is recommended to upgrade to the patched versions 7.1.0.230 and 7.0.0.379 to mitigate the risk. Due to the availability of the exploit, attackers may attempt to leverage it against unpatched systems, emphasizing the importance of applying the available security updates as soon as possible.",Veeam,Recovery Orchestrator,9,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-06-13T17:32:55.000Z,true,false,false,,2024-06-11T03:55:54.458Z,0
CVE-2024-22022,https://securityvulnerability.io/vulnerability/CVE-2024-22022,Low-Privileged Role Grants Access to Service Account NTLM Hash,"A vulnerability in Veeam Recovery Orchestrator enables users with low-privileged roles to retrieve the NTLM hash of the service account utilized by the Veeam Orchestrator Server Service. This exposure poses a significant security risk, as it can potentially allow unauthorized access or privilege escalation within the system. Proper access controls and monitoring measures are recommended to mitigate the risks associated with this vulnerability.",Veeam,"Recovery Orchestrator,Availability Orchestrator",8.8,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-02-07T00:53:30.523Z,0
CVE-2024-22021,https://securityvulnerability.io/vulnerability/CVE-2024-22021,Low-Privileged Role Users Can Access Plans from Unauthorized Scope,"Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. ",Veeam,"Recovery Orchestrator ,Disaster Recovery Orchestrator,Availability Orchestrator,Recovery Orchestrator",4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-07T00:53:30.493Z,0