Veeam Recovery Orchestrator
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Veeam Recovery Orchestrator.
By the Year
In 2026 there have been 0 vulnerabilities in Veeam Recovery Orchestrator. Recovery Orchestrator did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 3 | 8.80 |
It may take a day or so for new Recovery Orchestrator vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Veeam Recovery Orchestrator Security Vulnerabilities
Veeam Recovery Orchestrator JWT Secret Leak Bypass Auth
CVE-2024-29855
- June 11, 2024
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
Veeam Recovery Orchestrator: Privilege Escalation via Scope Enumeration
CVE-2024-22021
- February 07, 2024
VulnerabilityCVE-2024-22021 allowsaVeeam Recovery Orchestrator user with a lowprivilegedrole (PlanAuthor)to retrieveplansfromaScope other than the one they are assigned to.
AuthZ
Veeam ROI: NTLM Hash Leak via Low-Privileged Role
CVE-2024-22022
8.8 - High
- February 07, 2024
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Veeam Recovery Orchestrator or by Veeam? Click the Watch button to subscribe.
