Security Advisory – Critical Vulnerability in Veeam Recovery Orchestrator (CVE-2024-29855)

A critical vulnerability (CVE-2024-29855) in Veeam Recovery Orchestrator version 7.0.0.337 allows attackers to hijack the web UI with administrative privileges. The attacker needs to know the exact username and role with an active access token. The issue has been resolved in versions 7.1.0.230 and 7.0.0.379. Users are advised to update to these versions to mitigate the risk.

For detailed information and patch download, visit Veeam Knowledge Base.