Vulnerabilites related to Acronis - Acronis Agent
cve-2023-44212
Vulnerability from cvelistv5
Published
2023-10-05 21:01
Modified
2024-09-19 18:49
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5528 | vendor-advisory | |
| https://security-advisory.acronis.com/SEC-2159 | related |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.650Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5528", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5528", }, { name: "SEC-2159", tags: [ "related", "x_transferred", ], url: "https://security-advisory.acronis.com/SEC-2159", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "agent", vendor: "acronis", versions: [ { lessThan: "c23.01", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-44212", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:47:42.466047Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T18:49:02.134Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "31477", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T21:01:44.247Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5528", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5528", }, { name: "SEC-2159", tags: [ "related", ], url: "https://security-advisory.acronis.com/SEC-2159", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44212", datePublished: "2023-10-05T21:01:44.247Z", dateReserved: "2023-09-26T20:08:46.835Z", dateUpdated: "2024-09-19T18:49:02.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44210
Vulnerability from cvelistv5
Published
2023-10-04 19:53
Modified
2024-09-19 15:43
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2159 | vendor-advisory | |
| https://security-advisory.acronis.com/SEC-5528 | related |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-2159", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2159", }, { name: "SEC-5528", tags: [ "related", "x_transferred", ], url: "https://security-advisory.acronis.com/SEC-5528", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:c22.03:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agent", vendor: "acronis", versions: [ { status: "affected", version: "c22.03", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-44210", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T15:41:58.370909Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T15:43:10.795Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "29258", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T21:01:55.705Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-2159", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-2159", }, { name: "SEC-5528", tags: [ "related", ], url: "https://security-advisory.acronis.com/SEC-5528", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44210", datePublished: "2023-10-04T19:53:12.772Z", dateReserved: "2023-09-26T20:08:46.834Z", dateUpdated: "2024-09-19T15:43:10.795Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41749
Vulnerability from cvelistv5
Published
2023-08-31 20:17
Modified
2024-09-26 20:44
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5287 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:48.177Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5287", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5287", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41749", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:26:45.800270Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:44:01.039Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "32047", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "35979", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T20:17:55.126Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5287", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5287", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41749", datePublished: "2023-08-31T20:17:55.126Z", dateReserved: "2023-08-31T14:10:27.638Z", dateUpdated: "2024-09-26T20:44:01.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44199
Vulnerability from cvelistv5
Published
2021-11-29 18:19
Modified
2024-09-16 22:20
Severity ?
EPSS score ?
Summary
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2508 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:17:24.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2508", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "28035", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "27305", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "39612", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2021-11-25T00:00:00", descriptions: [ { lang: "en", value: "DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-29T18:19:12", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-advisory.acronis.com/advisories/SEC-2508", }, ], source: { advisory: "SEC-2508", defect: [ "SEC-2508", ], discovery: "INTERNAL", }, title: "DLL hijacking could lead to denial of service", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@acronis.com", DATE_PUBLIC: "2021-11-25T00:00:00.000Z", ID: "CVE-2021-44199", STATE: "PUBLIC", TITLE: "DLL hijacking could lead to denial of service", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Acronis Cyber Protect 15", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "28035", }, ], }, }, { product_name: "Acronis Agent", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "27305", }, ], }, }, { product_name: "Acronis Cyber Protect Home Office", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "39612", }, ], }, }, ], }, vendor_name: "Acronis", }, ], }, }, credit: [], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-427", }, ], }, ], }, references: { reference_data: [ { name: "https://security-advisory.acronis.com/advisories/SEC-2508", refsource: "MISC", url: "https://security-advisory.acronis.com/advisories/SEC-2508", }, ], }, source: { advisory: "SEC-2508", defect: [ "SEC-2508", ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2021-44199", datePublished: "2021-11-29T18:19:12.590356Z", dateReserved: "2021-11-24T00:00:00", dateUpdated: "2024-09-16T22:20:30.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45240
Vulnerability from cvelistv5
Published
2023-10-05 21:57
Modified
2024-09-20 13:12
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5904 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.779Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5904", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5904", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45240", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:36:30.639917Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-20T13:12:25.976Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T21:57:11.962Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5904", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5904", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45240", datePublished: "2023-10-05T21:57:11.962Z", dateReserved: "2023-10-05T21:47:00.378Z", dateUpdated: "2024-09-20T13:12:25.976Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41743
Vulnerability from cvelistv5
Published
2023-08-31 15:04
Modified
2024-10-01 17:32
Severity ?
EPSS score ?
Summary
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5487 | vendor-advisory | |
| https://security-advisory.acronis.com/SEC-4858 | related |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified ≤ |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:47.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5487", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5487", }, { name: "SEC-4858", tags: [ "related", "x_transferred", ], url: "https://security-advisory.acronis.com/SEC-4858", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "cyber_protect", vendor: "acronis", versions: [ { lessThan: "35979", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "cyber_protect_home_office", vendor: "acronis", versions: [ { lessThan: "40278", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "agent", vendor: "acronis", versions: [ { lessThan: "31637", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-41743", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T17:29:00.348301Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T17:32:05.640Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "40278", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "31637", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "35979", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@alfarom256 (https://hackerone.com/alfarom256)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T19:14:03.530Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5487", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5487", }, { name: "SEC-4858", tags: [ "related", ], url: "https://security-advisory.acronis.com/SEC-4858", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41743", datePublished: "2023-08-31T15:04:10.802Z", dateReserved: "2023-08-31T14:10:27.638Z", dateUpdated: "2024-10-01T17:32:05.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41745
Vulnerability from cvelistv5
Published
2023-08-31 17:16
Modified
2024-09-27 14:16
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2008 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:47.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-2008", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2008", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41745", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T13:05:14.356631Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T14:16:25.438Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30991", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "35979", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T17:16:56.516Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-2008", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-2008", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41745", datePublished: "2023-08-31T17:16:56.516Z", dateReserved: "2023-08-31T14:10:27.638Z", dateUpdated: "2024-09-27T14:16:25.438Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34800
Vulnerability from cvelistv5
Published
2021-11-29 19:16
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3145 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified < 27147 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:26:53.968Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-3145", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "27147", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Linux", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "27147", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "macOS", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "27147", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2021-11-25T00:00:00", descriptions: [ { lang: "en", value: "Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-29T19:16:14", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-advisory.acronis.com/advisories/SEC-3145", }, ], source: { advisory: "SEC-3145", defect: [ "SEC-3145", ], discovery: "INTERNAL", }, title: "Sensitive information could be logged", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@acronis.com", DATE_PUBLIC: "2021-11-25T00:00:00.000Z", ID: "CVE-2021-34800", STATE: "PUBLIC", TITLE: "Sensitive information could be logged", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Acronis Agent", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "27147", }, { platform: "Linux", version_affected: "<", version_value: "27147", }, { platform: "macOS", version_affected: "<", version_value: "27147", }, ], }, }, ], }, vendor_name: "Acronis", }, ], }, }, credit: [], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-532", }, ], }, ], }, references: { reference_data: [ { name: "https://security-advisory.acronis.com/advisories/SEC-3145", refsource: "MISC", url: "https://security-advisory.acronis.com/advisories/SEC-3145", }, ], }, source: { advisory: "SEC-3145", defect: [ "SEC-3145", ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2021-34800", datePublished: "2021-11-29T19:16:14.115409Z", dateReserved: "2021-06-16T00:00:00", dateUpdated: "2024-09-16T19:30:26.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45454
Vulnerability from cvelistv5
Published
2023-02-13 09:25
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4379 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4379", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4379", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30161", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@tkoyeung (https://hackerone.com/tkoyeung)", }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 2.2, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-13T09:25:26.680Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4379", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4379", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45454", datePublished: "2023-02-13T09:25:26.680Z", dateReserved: "2022-11-16T16:45:58.651Z", dateUpdated: "2024-08-03T14:17:03.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44214
Vulnerability from cvelistv5
Published
2023-10-05 21:57
Modified
2024-09-20 13:12
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5902 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5902", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5902", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44214", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:36:37.345471Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-20T13:12:51.119Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T21:57:00.522Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5902", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5902", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44214", datePublished: "2023-10-05T21:57:00.522Z", dateReserved: "2023-09-26T20:08:46.835Z", dateUpdated: "2024-09-20T13:12:51.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45245
Vulnerability from cvelistv5
Published
2023-10-06 09:53
Modified
2024-09-19 18:30
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6017 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6017", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6017", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45245", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:30:32.703074Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T18:30:43.249Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "36119", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-06T09:53:55.524Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6017", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6017", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45245", datePublished: "2023-10-06T09:53:55.524Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2024-09-19T18:30:43.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45451
Vulnerability from cvelistv5
Published
2023-08-31 14:43
Modified
2024-10-01 17:50
Severity ?
EPSS score ?
Summary
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4858 | vendor-advisory | |
| https://security-advisory.acronis.com/SEC-5487 | related |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified ≤ |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:00.914Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4858", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4858", }, { name: "SEC-5487", tags: [ "related", "x_transferred", ], url: "https://security-advisory.acronis.com/SEC-5487", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45451", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T17:50:00.443727Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T17:50:36.690Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "40173", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30600", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@alfarom256 (https://hackerone.com/alfarom256)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T14:43:49.464Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4858", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4858", }, { name: "SEC-5487", tags: [ "related", ], url: "https://security-advisory.acronis.com/SEC-5487", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45451", datePublished: "2023-08-31T14:43:49.464Z", dateReserved: "2022-11-16T16:45:58.650Z", dateUpdated: "2024-10-01T17:50:36.690Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45242
Vulnerability from cvelistv5
Published
2023-10-05 21:57
Modified
2024-09-19 17:30
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6018 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.937Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6018", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6018", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45242", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T17:30:15.068298Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T17:30:32.097Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T21:57:35.406Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6018", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6018", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45242", datePublished: "2023-10-05T21:57:35.406Z", dateReserved: "2023-10-05T21:47:00.378Z", dateUpdated: "2024-09-19T17:30:32.097Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45247
Vulnerability from cvelistv5
Published
2023-10-09 11:09
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6600 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6600", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6600", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agent", vendor: "acronis", versions: [ { lessThan: "36497", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-45247", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T14:25:14.555886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T14:26:26.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36497", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:01.362Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6600", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6600", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45247", datePublished: "2023-10-09T11:09:00.897Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2025-01-02T15:25:01.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45452
Vulnerability from cvelistv5
Published
2023-05-18 09:21
Modified
2025-01-22 14:44
Severity ?
EPSS score ?
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3967 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:00.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-3967", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-3967", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45452", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:44:16.653287Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:44:25.933Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30430", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@netero1010 (https://hackerone.com/netero1010)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-18T09:21:55.932Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-3967", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-3967", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45452", datePublished: "2023-05-18T09:21:55.932Z", dateReserved: "2022-11-16T16:45:58.650Z", dateUpdated: "2025-01-22T14:44:25.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44204
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-17 01:12
Severity ?
EPSS score ?
Summary
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2355 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:17:24.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2355", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "28035", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "27147", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "39612", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis True Image 2021", vendor: "Acronis", versions: [ { lessThan: "39287", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "@xnand (https://hackerone.com/xnand)", }, ], datePublic: "2022-02-02T00:00:00", descriptions: [ { lang: "en", value: "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-04T22:29:33", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-advisory.acronis.com/advisories/SEC-2355", }, ], source: { advisory: "SEC-2355", defect: [ "SEC-2355", ], discovery: "EXTERNAL", }, title: "Local privilege escalation via named pipe due to improper access control checks", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@acronis.com", DATE_PUBLIC: "2022-02-02T00:00:00.000Z", ID: "CVE-2021-44204", STATE: "PUBLIC", TITLE: "Local privilege escalation via named pipe due to improper access control checks", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Acronis Cyber Protect 15", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "28035", }, ], }, }, { product_name: "Acronis Agent", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "27147", }, ], }, }, { product_name: "Acronis Cyber Protect Home Office", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "39612", }, ], }, }, { product_name: "Acronis True Image 2021", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "39287", }, ], }, }, ], }, vendor_name: "Acronis", }, ], }, }, credit: [ { lang: "eng", value: "@xnand (https://hackerone.com/xnand)", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-285", }, ], }, ], }, references: { reference_data: [ { name: "https://security-advisory.acronis.com/advisories/SEC-2355", refsource: "MISC", url: "https://security-advisory.acronis.com/advisories/SEC-2355", }, ], }, source: { advisory: "SEC-2355", defect: [ "SEC-2355", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2021-44204", datePublished: "2022-02-04T22:29:33.071413Z", dateReserved: "2021-11-24T00:00:00", dateUpdated: "2024-09-17T01:12:21.982Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45458
Vulnerability from cvelistv5
Published
2023-05-18 09:25
Modified
2025-01-22 14:43
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3952 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-3952", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-3952", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45458", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:42:58.378034Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:43:05.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "macOS", "Linux", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "29633", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "macOS", "Linux", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-18T09:25:04.232Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-3952", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-3952", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45458", datePublished: "2023-05-18T09:25:04.232Z", dateReserved: "2022-11-16T16:45:58.652Z", dateUpdated: "2025-01-22T14:43:05.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45459
Vulnerability from cvelistv5
Published
2023-05-18 09:26
Modified
2025-01-22 16:18
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3196 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-3196", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-3196", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45459", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T16:18:54.800223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T16:18:57.514Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30025", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.8, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-18T09:26:22.045Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-3196", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-3196", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45459", datePublished: "2023-05-18T09:26:22.045Z", dateReserved: "2022-11-16T16:45:58.652Z", dateUpdated: "2025-01-22T16:18:57.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45243
Vulnerability from cvelistv5
Published
2023-10-05 21:57
Modified
2024-09-19 17:28
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6019 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6019", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6019", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45243", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T17:28:12.048552Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T17:28:23.381Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-05T21:57:49.413Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6019", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6019", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45243", datePublished: "2023-10-05T21:57:49.413Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2024-09-19T17:28:23.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30990
Vulnerability from cvelistv5
Published
2022-05-18 19:38
Modified
2024-09-17 03:49
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2299 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 29240 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:03:40.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2299", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Linux", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "29240", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Linux", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "28037", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-05-18T00:00:00", descriptions: [ { lang: "en", value: "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-18T19:38:04", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-advisory.acronis.com/advisories/SEC-2299", }, ], source: { advisory: "SEC-2299", defect: [ "SEC-2299", ], discovery: "INTERNAL", }, title: "Sensitive information disclosure due to insecure folder permissions", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@acronis.com", DATE_PUBLIC: "2022-05-18T00:00:00.000Z", ID: "CVE-2022-30990", STATE: "PUBLIC", TITLE: "Sensitive information disclosure due to insecure folder permissions", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Acronis Cyber Protect 15", version: { version_data: [ { platform: "Linux", version_affected: "<", version_value: "29240", }, ], }, }, { product_name: "Acronis Agent", version: { version_data: [ { platform: "Linux", version_affected: "<", version_value: "28037", }, ], }, }, ], }, vendor_name: "Acronis", }, ], }, }, credit: [], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://security-advisory.acronis.com/advisories/SEC-2299", refsource: "MISC", url: "https://security-advisory.acronis.com/advisories/SEC-2299", }, ], }, source: { advisory: "SEC-2299", defect: [ "SEC-2299", ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-30990", datePublished: "2022-05-18T19:38:04.964724Z", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-09-17T03:49:05.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45457
Vulnerability from cvelistv5
Published
2023-05-18 09:23
Modified
2025-01-22 14:43
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3957 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.533Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-3957", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-3957", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45457", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:43:35.259080Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:43:42.077Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "29633", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-18T09:23:51.453Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-3957", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-3957", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45457", datePublished: "2023-05-18T09:23:51.453Z", dateReserved: "2022-11-16T16:45:58.652Z", dateUpdated: "2025-01-22T14:43:42.077Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41742
Vulnerability from cvelistv5
Published
2023-08-31 14:27
Modified
2024-09-27 14:17
Severity ?
EPSS score ?
Summary
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4351 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:47.922Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4351", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4351", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41742", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T13:05:43.523177Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T14:17:36.928Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30430", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "35979", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1327", description: "CWE-1327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T14:27:28.948Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4351", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4351", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41742", datePublished: "2023-08-31T14:27:28.948Z", dateReserved: "2023-08-31T14:10:27.637Z", dateUpdated: "2024-09-27T14:17:36.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44209
Vulnerability from cvelistv5
Published
2023-10-04 19:44
Modified
2024-09-19 15:31
Severity ?
EPSS score ?
Summary
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2119 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.914Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-2119", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2119", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44209", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T15:31:06.328497Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T15:31:13.933Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "29051", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-610", description: "CWE-610", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-04T19:44:00.895Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-2119", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-2119", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44209", datePublished: "2023-10-04T19:44:00.895Z", dateReserved: "2023-09-26T20:08:46.834Z", dateUpdated: "2024-09-19T15:31:13.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41751
Vulnerability from cvelistv5
Published
2023-08-31 20:18
Modified
2024-10-01 16:54
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5615 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:47.895Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5615", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5615", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "agent", vendor: "acronis", versions: [ { lessThan: "32047", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-41751", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T16:53:14.192253Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T16:54:16.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "32047", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T20:18:30.546Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5615", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5615", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41751", datePublished: "2023-08-31T20:18:30.546Z", dateReserved: "2023-08-31T14:10:27.639Z", dateUpdated: "2024-10-01T16:54:16.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45455
Vulnerability from cvelistv5
Published
2023-02-13 09:27
Modified
2024-08-03 14:17
Severity ?
EPSS score ?
Summary
Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4459 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Home Office |
Version: unspecified ≤ |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:00.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4459", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4459", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "40107", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30025", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@tkoyeung (https://hackerone.com/tkoyeung)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-459", description: "CWE-459", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-13T09:32:54.093Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4459", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4459", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45455", datePublished: "2023-02-13T09:27:01.356Z", dateReserved: "2022-11-16T16:45:58.651Z", dateUpdated: "2024-08-03T14:17:00.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45450
Vulnerability from cvelistv5
Published
2023-05-18 09:27
Modified
2025-01-22 16:18
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2410 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-2410", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2410", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45450", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T16:18:38.192533Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T16:18:42.210Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "28610", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "30984", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-18T09:27:38.534Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-2410", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-2410", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45450", datePublished: "2023-05-18T09:27:38.534Z", dateReserved: "2022-11-16T16:45:58.650Z", dateUpdated: "2025-01-22T16:18:42.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41744
Vulnerability from cvelistv5
Published
2023-08-31 15:14
Modified
2024-10-01 17:25
Severity ?
EPSS score ?
Summary
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4728 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:47.896Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4728", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4728", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agent", vendor: "acronis", versions: [ { lessThan: "30600", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "cyber_protect", vendor: "acronis", versions: [ { lessThan: "35979", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-41744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T17:22:05.776787Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T17:25:21.815Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "macOS", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30600", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "macOS", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "35979", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@vkas-afk (https://hackerone.com/vkas-afk)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T15:14:13.720Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4728", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4728", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41744", datePublished: "2023-08-31T15:14:13.720Z", dateReserved: "2023-08-31T14:10:27.638Z", dateUpdated: "2024-10-01T17:25:21.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45456
Vulnerability from cvelistv5
Published
2023-04-26 19:54
Modified
2025-01-30 21:28
Severity ?
EPSS score ?
Summary
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4149 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.456Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4149", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4149", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-45456", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-30T21:28:37.660358Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-30T21:28:40.529Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "macOS", "Linux", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "30161", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-26T19:54:03.119Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4149", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4149", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-45456", datePublished: "2023-04-26T19:54:03.119Z", dateReserved: "2022-11-16T16:45:58.652Z", dateUpdated: "2025-01-30T21:28:40.529Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24113
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 19:57
Severity ?
EPSS score ?
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2881 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 15 |
Version: unspecified < 28035 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:59:23.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2881", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Windows", ], product: "Acronis Cyber Protect 15", vendor: "Acronis", versions: [ { lessThan: "28035", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "27147", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis Cyber Protect Home Office", vendor: "Acronis", versions: [ { lessThan: "39612", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { platforms: [ "Windows", ], product: "Acronis True Image 2021", vendor: "Acronis", versions: [ { lessThan: "39287", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "@penrose (https://hackerone.com/penrose)", }, ], datePublic: "2022-02-02T00:00:00", descriptions: [ { lang: "en", value: "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-04T22:29:30", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-advisory.acronis.com/advisories/SEC-2881", }, ], source: { advisory: "SEC-2881", defect: [ "SEC-2881", ], discovery: "EXTERNAL", }, title: "Local privilege escalation due to excessive permissions assigned to child processes", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@acronis.com", DATE_PUBLIC: "2022-02-02T00:00:00.000Z", ID: "CVE-2022-24113", STATE: "PUBLIC", TITLE: "Local privilege escalation due to excessive permissions assigned to child processes", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Acronis Cyber Protect 15", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "28035", }, ], }, }, { product_name: "Acronis Agent", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "27147", }, ], }, }, { product_name: "Acronis Cyber Protect Home Office", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "39612", }, ], }, }, { product_name: "Acronis True Image 2021", version: { version_data: [ { platform: "Windows", version_affected: "<", version_value: "39287", }, ], }, }, ], }, vendor_name: "Acronis", }, ], }, }, credit: [ { lang: "eng", value: "@penrose (https://hackerone.com/penrose)", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-250", }, ], }, ], }, references: { reference_data: [ { name: "https://security-advisory.acronis.com/advisories/SEC-2881", refsource: "MISC", url: "https://security-advisory.acronis.com/advisories/SEC-2881", }, ], }, source: { advisory: "SEC-2881", defect: [ "SEC-2881", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2022-24113", datePublished: "2022-02-04T22:29:30.215128Z", dateReserved: "2022-01-28T00:00:00", dateUpdated: "2024-09-16T19:57:01.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4688
Vulnerability from cvelistv5
Published
2023-08-31 20:26
Modified
2024-09-26 20:35
Severity ?
EPSS score ?
Summary
Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5782 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5782", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5782", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4688", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:17:12.895413Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:35:33.496Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "35433", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T20:26:56.338Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5782", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5782", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-4688", datePublished: "2023-08-31T20:26:56.338Z", dateReserved: "2023-08-31T20:23:36.131Z", dateUpdated: "2024-09-26T20:35:33.496Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41750
Vulnerability from cvelistv5
Published
2023-08-31 20:18
Modified
2024-09-26 20:41
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5382 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:47.974Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5382", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5382", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41750", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:20:26.467572Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:41:33.369Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Agent", vendor: "Acronis", versions: [ { lessThan: "32047", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T20:18:09.205Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5382", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5382", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-41750", datePublished: "2023-08-31T20:18:09.205Z", dateReserved: "2023-08-31T14:10:27.638Z", dateUpdated: "2024-09-26T20:41:33.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }