Veeam Recovery Orchestrator Flaw Enables Forging of Valid JWT Tokens
Summary:
A critical authentication bypass vulnerability in Veeam Recovery Orchestrator, tracked as CVE-2024-29855, has been disclosed. This vulnerability poses a serious security risk by allowing unauthorized attackers to access the Veeam Recovery Orchestrator web interface (UI) with administrative privileges. Furthermore, a proof-of-concept (PoC) exploit is now available, heightening the urgency for organizations to apply mitigations promptly.
Threat Level – Red | Vulnerability Report