Vulnerabilites related to Acronis - Acronis Cyber Protect 16
cve-2023-48683
Vulnerability from cvelistv5
Published
2024-04-29 15:47
Modified
2025-01-02 15:24
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5899 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "37758", status: "affected", version: "-", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-48683", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-30T14:52:11.545078Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:27:30.513Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5899", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5899", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "37758", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:24:40.944Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5899", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5899", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48683", datePublished: "2024-04-29T15:47:51.993Z", dateReserved: "2023-11-17T14:33:30.400Z", dateUpdated: "2025-01-02T15:24:40.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45246
Vulnerability from cvelistv5
Published
2023-10-06 10:07
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5903 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5903", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5903", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "36343", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-45246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:26:17.297377Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T18:30:05.159Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36343", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:18.885Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5903", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5903", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45246", datePublished: "2023-10-06T10:07:06.167Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2025-01-02T15:25:18.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55541
Vulnerability from cvelistv5
Published
2025-01-02 15:26
Modified
2025-01-02 16:52
Severity ?
EPSS score ?
Summary
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3647 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55541", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T16:52:19.483159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T16:52:29.222Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:26:55.281Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-3647", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-3647", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-55541", datePublished: "2025-01-02T15:26:55.281Z", dateReserved: "2024-12-06T17:33:33.992Z", dateUpdated: "2025-01-02T16:52:29.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34010
Vulnerability from cvelistv5
Published
2024-04-29 15:48
Modified
2024-10-15 10:33
Severity ?
EPSS score ?
Summary
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7110 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "build_37758", status: "affected", version: "-", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34010", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-29T16:59:36.817995Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:35.400Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.932Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-7110", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-7110", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "37758", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@cyberexplorer (https://hackerone.com/cyberexplorer)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-428", description: "CWE-428", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:33:36.173Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7110", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7110", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-34010", datePublished: "2024-04-29T15:48:14.398Z", dateReserved: "2024-04-29T15:33:32.845Z", dateUpdated: "2024-10-15T10:33:36.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55540
Vulnerability from cvelistv5
Published
2025-01-02 15:25
Modified
2025-01-02 17:09
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2245 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55540", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T17:09:27.889148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T17:09:38.773Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@vanitas (https://hackerone.com/vanitas)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:48.887Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-2245", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-2245", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-55540", datePublished: "2025-01-02T15:25:48.887Z", dateReserved: "2024-12-06T17:33:33.992Z", dateUpdated: "2025-01-02T17:09:38.773Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49384
Vulnerability from cvelistv5
Published
2024-10-15 10:33
Modified
2024-10-15 12:47
Severity ?
EPSS score ?
Summary
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7284 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49384", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T12:46:56.724045Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T12:47:14.120Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1327", description: "CWE-1327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:33:52.655Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7284", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7284", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-49384", datePublished: "2024-10-15T10:33:52.655Z", dateReserved: "2024-10-14T15:01:16.473Z", dateUpdated: "2024-10-15T12:47:14.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55543
Vulnerability from cvelistv5
Published
2025-01-02 15:24
Modified
2025-01-02 17:10
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6418 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55543", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T17:09:49.600510Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T17:10:10.488Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@jtonner14 (https://hackerone.com/jtonner14)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:24:26.589Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6418", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6418", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-55543", datePublished: "2025-01-02T15:24:26.589Z", dateReserved: "2024-12-06T17:33:33.992Z", dateUpdated: "2025-01-02T17:10:10.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49382
Vulnerability from cvelistv5
Published
2024-10-15 10:32
Modified
2024-10-15 12:46
Severity ?
EPSS score ?
Summary
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7286 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49382", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T12:46:18.366227Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T12:46:35.938Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1327", description: "CWE-1327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:32:55.845Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7286", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7286", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-49382", datePublished: "2024-10-15T10:32:55.845Z", dateReserved: "2024-10-14T15:01:16.473Z", dateUpdated: "2024-10-15T12:46:35.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48681
Vulnerability from cvelistv5
Published
2024-02-27 16:52
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5900 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-48681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-28T20:08:25.481937Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:27:38.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5900", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5900", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)", }, ], descriptions: [ { lang: "en", value: "Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 1.9, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T17:06:59.743Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5900", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5900", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48681", datePublished: "2024-02-27T16:52:25.743Z", dateReserved: "2023-11-17T14:33:30.400Z", dateUpdated: "2024-08-02T21:37:54.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49383
Vulnerability from cvelistv5
Published
2024-10-15 10:33
Modified
2024-10-15 12:46
Severity ?
EPSS score ?
Summary
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7285 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49383", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T12:46:37.448156Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T12:46:55.089Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1327", description: "CWE-1327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:33:14.227Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7285", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7285", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-49383", datePublished: "2024-10-15T10:33:14.227Z", dateReserved: "2024-10-14T15:01:16.473Z", dateUpdated: "2024-10-15T12:46:55.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45248
Vulnerability from cvelistv5
Published
2023-10-09 11:08
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6052 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6052", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6052", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36497", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:55:03.256Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6052", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6052", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45248", datePublished: "2023-10-09T11:08:37.009Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2024-08-02T20:14:19.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49388
Vulnerability from cvelistv5
Published
2024-10-15 10:34
Modified
2024-10-15 12:47
Severity ?
EPSS score ?
Summary
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5984 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49388", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T12:47:34.264102Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T12:47:51.115Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:34:24.960Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5984", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5984", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-49388", datePublished: "2024-10-15T10:34:24.960Z", dateReserved: "2024-10-14T15:01:16.474Z", dateUpdated: "2024-10-15T12:47:51.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-56414
Vulnerability from cvelistv5
Published
2025-01-02 15:26
Modified
2025-01-02 17:08
Severity ?
EPSS score ?
Summary
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-1911 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-56414", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T17:08:06.251187Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T17:08:22.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-328", description: "CWE-328", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:26:10.784Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-1911", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-1911", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-56414", datePublished: "2025-01-02T15:26:10.784Z", dateReserved: "2024-12-23T18:49:13.540Z", dateUpdated: "2025-01-02T17:08:22.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45247
Vulnerability from cvelistv5
Published
2023-10-09 11:09
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-6600 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-6600", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-6600", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agent", vendor: "acronis", versions: [ { lessThan: "36497", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-45247", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T14:25:14.555886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T14:26:26.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36497", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:01.362Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-6600", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-6600", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45247", datePublished: "2023-10-09T11:09:00.897Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2025-01-02T15:25:01.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48682
Vulnerability from cvelistv5
Published
2024-02-27 16:53
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5901 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-48682", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-27T19:15:52.663536Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:02.235Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.485Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5901", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5901", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)", }, ], descriptions: [ { lang: "en", value: "Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T17:07:04.927Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5901", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5901", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48682", datePublished: "2024-02-27T16:53:05.091Z", dateReserved: "2023-11-17T14:33:30.400Z", dateUpdated: "2024-08-02T21:37:54.485Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-55542
Vulnerability from cvelistv5
Published
2025-01-02 15:26
Modified
2025-01-02 17:04
Severity ?
EPSS score ?
Summary
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5342 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-55542", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T17:03:24.328986Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T17:04:20.318Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35895", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:26:40.928Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5342", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5342", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-55542", datePublished: "2025-01-02T15:26:40.928Z", dateReserved: "2024-12-06T17:33:33.992Z", dateUpdated: "2025-01-02T17:04:20.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45241
Vulnerability from cvelistv5
Published
2023-10-05 21:57
Modified
2024-09-20 13:12
Severity ?
EPSS score ?
Summary
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5999 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:20.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5999", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5999", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45241", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T18:36:24.982118Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-20T13:12:02.515Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:54:15.100Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5999", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5999", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45241", datePublished: "2023-10-05T21:57:23.228Z", dateReserved: "2023-10-05T21:47:00.378Z", dateUpdated: "2024-09-20T13:12:02.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48678
Vulnerability from cvelistv5
Published
2024-02-27 16:45
Modified
2024-08-16 19:22
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-2319 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:53.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-2319", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-2319", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect", vendor: "acronis", versions: [ { lessThan: "37391", status: "affected", version: "16", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-48678", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-28T20:02:12.154898Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T19:22:09.595Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T17:06:40.304Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-2319", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-2319", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48678", datePublished: "2024-02-27T16:45:00.771Z", dateReserved: "2023-11-17T14:33:30.399Z", dateUpdated: "2024-08-16T19:22:09.595Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-56413
Vulnerability from cvelistv5
Published
2025-01-02 15:26
Modified
2025-01-02 17:09
Severity ?
EPSS score ?
Summary
Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7612 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-56413", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-02T17:08:53.112716Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-02T17:09:09.822Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@strgt (https://hackerone.com/strgt)", }, ], descriptions: [ { lang: "en", value: "Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:26:00.507Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7612", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7612", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-56413", datePublished: "2025-01-02T15:26:00.507Z", dateReserved: "2024-12-23T18:49:13.540Z", dateUpdated: "2025-01-02T17:09:09.822Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8766
Vulnerability from cvelistv5
Published
2024-09-16 19:45
Modified
2025-01-02 15:25
Severity ?
EPSS score ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7218 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cyber_protect_cloud_agent", vendor: "acronis", versions: [ { lessThan: "38235", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8766", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:51:30.427021Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:54:21.758Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "38235", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "39169", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "@satz4797 (https://hackerone.com/satz4797)", }, ], descriptions: [ { lang: "en", value: "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.", }, ], metrics: [ { cvssV3_0: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-427", description: "CWE-427", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T15:25:36.040Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7218", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7218", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-8766", datePublished: "2024-09-16T19:45:03.044Z", dateReserved: "2024-09-12T20:45:42.402Z", dateUpdated: "2025-01-02T15:25:36.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44211
Vulnerability from cvelistv5
Published
2023-10-05 21:14
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-4061 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-4061", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-4061", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "31637", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:46:58.037Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-4061", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-4061", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44211", datePublished: "2023-10-05T21:14:19.549Z", dateReserved: "2023-09-26T20:08:46.834Z", dateUpdated: "2024-08-02T19:59:51.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48680
Vulnerability from cvelistv5
Published
2024-02-27 16:51
Modified
2024-09-10 15:47
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5392 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-48680", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-28T20:10:50.476113Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:27:40.644Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5392", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5392", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "CWE-359", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:47:42.813Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5392", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5392", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48680", datePublished: "2024-02-27T16:51:19.284Z", dateReserved: "2023-11-17T14:33:30.399Z", dateUpdated: "2024-09-10T15:47:42.813Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44213
Vulnerability from cvelistv5
Published
2023-10-05 21:56
Modified
2024-09-10 15:48
Severity ?
EPSS score ?
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5286 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5286", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5286", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35739", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "CWE-359", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:48:22.536Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5286", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5286", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-44213", datePublished: "2023-10-05T21:56:48.957Z", dateReserved: "2023-09-26T20:08:46.835Z", dateUpdated: "2024-09-10T15:48:22.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49387
Vulnerability from cvelistv5
Published
2024-10-15 10:34
Modified
2024-10-15 12:47
Severity ?
EPSS score ?
Summary
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-7022 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49387", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T12:47:15.696036Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T12:47:32.586Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "38690", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T10:34:10.675Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-7022", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-7022", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2024-49387", datePublished: "2024-10-15T10:34:10.675Z", dateReserved: "2024-10-14T15:01:16.473Z", dateUpdated: "2024-10-15T12:47:32.586Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48679
Vulnerability from cvelistv5
Published
2024-02-27 16:45
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-3469 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Version: unspecified ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-48679", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-27T20:09:50.662424Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:04.820Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-3469", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-3469", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T17:06:47.223Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-3469", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-3469", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48679", datePublished: "2024-02-27T16:45:53.340Z", dateReserved: "2023-11-17T14:33:30.399Z", dateUpdated: "2024-08-02T21:37:54.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45244
Vulnerability from cvelistv5
Published
2023-10-06 09:47
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5907 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:19.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5907", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5907", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "35895", status: "affected", version: "unspecified", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", "macOS", "Windows", ], product: "Acronis Cyber Protect 16", vendor: "Acronis", versions: [ { lessThan: "37391", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T16:53:48.749Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5907", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5907", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-45244", datePublished: "2023-10-06T09:47:15.441Z", dateReserved: "2023-10-05T21:47:00.379Z", dateUpdated: "2024-08-02T20:14:19.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }