Vulnerabilites related to acronis - cyber_protect_cloud_agent
Vulnerability from fkie_nvd
Published
2023-12-14 14:15
Modified
2024-11-21 08:32
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update12:*:*:*:*:*:*", matchCriteriaId: "F13C19F5-D246-49B8-AC50-A2A33E42A4B3", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update3:*:*:*:*:*:*", matchCriteriaId: "25A39B45-AD7A-4466-9025-98F086FF7369", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update6:*:*:*:*:*:*", matchCriteriaId: "1F4887BE-8A9D-4FDA-8D61-240013F27CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update7:*:*:*:*:*:*", matchCriteriaId: "BF1F6E6A-7209-4A3F-BD91-5B7EF913A527", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update10:*:*:*:*:*:*", matchCriteriaId: "58A27C80-FEF3-4A82-9C72-31EC236F7B18", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update11:*:*:*:*:*:*", matchCriteriaId: "AA46A5D1-48CD-4CAC-B7BB-66E96C60B058", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update2:*:*:*:*:*:*", matchCriteriaId: "9B2A46DB-EAE5-4AB0-B951-C4F7F2B72C33", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update3:*:*:*:*:*:*", matchCriteriaId: "7A68AB88-B3F3-4028-A94F-FBB7F2511130", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update5:*:*:*:*:*:*", matchCriteriaId: "8CBFA456-3981-49D9-BD67-1BF5967EBFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update7:*:*:*:*:*:*", matchCriteriaId: "71751A99-144B-41E3-BAEC-9650D8333C40", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update8:*:*:*:*:*:*", matchCriteriaId: "642A5273-93FF-4B02-9519-A0CB586C5878", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update9:*:*:*:*:*:*", matchCriteriaId: "11536779-137C-4031-8AA2-EE7CF807230E", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:uddate1:*:*:*:*:*:*", matchCriteriaId: "DE302081-7B9F-4A84-88E5-FBE71F036F3B", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update10:*:*:*:*:*:*", matchCriteriaId: "252FD2AD-DC8B-44FD-AF1A-AD836CF2453A", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update11:*:*:*:*:*:*", matchCriteriaId: "2B45ABA8-8404-468A-B9C1-8F239D213317", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update12:*:*:*:*:*:*", matchCriteriaId: "709E6874-59DA-491D-A0EE-1FCC230C6D61", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update2:*:*:*:*:*:*", matchCriteriaId: "524F2ED8-CA74-4C84-9A4D-626111E0C090", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update3:*:*:*:*:*:*", matchCriteriaId: "F0DDE287-33E4-4A0D-AD16-9D6239DEF809", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update5:*:*:*:*:*:*", matchCriteriaId: "E94AE028-4F33-4507-AE62-FB83046A7C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update6:*:*:*:*:*:*", matchCriteriaId: "261677B5-2A5C-4FE7-A277-CC0268B308D6", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update7:*:*:*:*:*:*", matchCriteriaId: "6B675BDA-8979-403B-9281-42E92C88BE9D", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update8:*:*:*:*:*:*", matchCriteriaId: "D385D293-542B-414C-A344-3B6871D8E11B", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update9:*:*:*:*:*:*", matchCriteriaId: "5830C1E7-CA7E-41E3-B556-3F006E8433DE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.", }, { lang: "es", value: "Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilación 36943.", }, ], id: "CVE-2023-48676", lastModified: "2024-11-21T08:32:14.397", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "security@acronis.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-14T14:15:43.673", references: [ { source: "security@acronis.com", tags: [ "Vendor Advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, ], sourceIdentifier: "security@acronis.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@acronis.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-48676
Vulnerability from cvelistv5
Published
2023-12-14 13:32
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-advisory.acronis.com/advisories/SEC-5905 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Version: unspecified ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SEC-5905", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Acronis Cyber Protect Cloud Agent", vendor: "Acronis", versions: [ { lessThan: "36943", status: "affected", version: "unspecified", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.", }, ], metrics: [ { cvssV3_0: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-14T13:32:28.791Z", orgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", shortName: "Acronis", }, references: [ { name: "SEC-5905", tags: [ "vendor-advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, ], }, }, cveMetadata: { assignerOrgId: "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", assignerShortName: "Acronis", cveId: "CVE-2023-48676", datePublished: "2023-12-14T13:32:28.791Z", dateReserved: "2023-11-17T14:33:30.399Z", dateUpdated: "2024-08-02T21:37:54.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }