fkie_cve-2023-48676
Vulnerability from fkie_nvd
Published
2023-12-14 14:15
Modified
2024-11-21 08:32
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update12:*:*:*:*:*:*", matchCriteriaId: "F13C19F5-D246-49B8-AC50-A2A33E42A4B3", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update3:*:*:*:*:*:*", matchCriteriaId: "25A39B45-AD7A-4466-9025-98F086FF7369", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update6:*:*:*:*:*:*", matchCriteriaId: "1F4887BE-8A9D-4FDA-8D61-240013F27CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:21:update7:*:*:*:*:*:*", matchCriteriaId: "BF1F6E6A-7209-4A3F-BD91-5B7EF913A527", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update10:*:*:*:*:*:*", matchCriteriaId: "58A27C80-FEF3-4A82-9C72-31EC236F7B18", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update11:*:*:*:*:*:*", matchCriteriaId: "AA46A5D1-48CD-4CAC-B7BB-66E96C60B058", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update2:*:*:*:*:*:*", matchCriteriaId: "9B2A46DB-EAE5-4AB0-B951-C4F7F2B72C33", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update3:*:*:*:*:*:*", matchCriteriaId: "7A68AB88-B3F3-4028-A94F-FBB7F2511130", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update5:*:*:*:*:*:*", matchCriteriaId: "8CBFA456-3981-49D9-BD67-1BF5967EBFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update7:*:*:*:*:*:*", matchCriteriaId: "71751A99-144B-41E3-BAEC-9650D8333C40", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update8:*:*:*:*:*:*", matchCriteriaId: "642A5273-93FF-4B02-9519-A0CB586C5878", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:22:update9:*:*:*:*:*:*", matchCriteriaId: "11536779-137C-4031-8AA2-EE7CF807230E", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:uddate1:*:*:*:*:*:*", matchCriteriaId: "DE302081-7B9F-4A84-88E5-FBE71F036F3B", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update10:*:*:*:*:*:*", matchCriteriaId: "252FD2AD-DC8B-44FD-AF1A-AD836CF2453A", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update11:*:*:*:*:*:*", matchCriteriaId: "2B45ABA8-8404-468A-B9C1-8F239D213317", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update12:*:*:*:*:*:*", matchCriteriaId: "709E6874-59DA-491D-A0EE-1FCC230C6D61", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update2:*:*:*:*:*:*", matchCriteriaId: "524F2ED8-CA74-4C84-9A4D-626111E0C090", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update3:*:*:*:*:*:*", matchCriteriaId: "F0DDE287-33E4-4A0D-AD16-9D6239DEF809", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update5:*:*:*:*:*:*", matchCriteriaId: "E94AE028-4F33-4507-AE62-FB83046A7C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update6:*:*:*:*:*:*", matchCriteriaId: "261677B5-2A5C-4FE7-A277-CC0268B308D6", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update7:*:*:*:*:*:*", matchCriteriaId: "6B675BDA-8979-403B-9281-42E92C88BE9D", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update8:*:*:*:*:*:*", matchCriteriaId: "D385D293-542B-414C-A344-3B6871D8E11B", vulnerable: true, }, { criteria: "cpe:2.3:a:acronis:cyber_protect_cloud_agent:23:update9:*:*:*:*:*:*", matchCriteriaId: "5830C1E7-CA7E-41E3-B556-3F006E8433DE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.", }, { lang: "es", value: "Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilación 36943.", }, ], id: "CVE-2023-48676", lastModified: "2024-11-21T08:32:14.397", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "security@acronis.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-14T14:15:43.673", references: [ { source: "security@acronis.com", tags: [ "Vendor Advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security-advisory.acronis.com/advisories/SEC-5905", }, ], sourceIdentifier: "security@acronis.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@acronis.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.