CVE-2024-22022 HIGH

Vendor: Veeam
Product: Recovery Orchestrator
Published: February 7, 2024
Last update: June 3, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/CR:X/IR:X/AR:X

What the vulnerability does

01 Description

CVE-2024-22022 allows a Veeam Recovery Orchestrator user who has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

Key dates

02 Disclosure timeline

February 7, 2024: CVE published
June 3, 2025: Record updated