Summary
| Detail | |||
|---|---|---|---|
| Vendor | Acronis | First view | 2023-02-13 |
| Product | Cyber Protect | Last view | 2023-09-27 |
| Version | 15 | Type | Application |
| Update | update4 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:acronis:cyber_protect | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2023-09-27 | CVE-2023-44207 | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 9.1 | 2023-09-27 | CVE-2023-44206 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 5.3 | 2023-09-27 | CVE-2023-44205 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 6.5 | 2023-09-27 | CVE-2023-44161 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 6.5 | 2023-09-27 | CVE-2023-44160 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 7.5 | 2023-09-27 | CVE-2023-44159 | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 7.5 | 2023-09-27 | CVE-2023-44158 | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 7.8 | 2023-09-27 | CVE-2023-44157 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. |
| 7.5 | 2023-09-27 | CVE-2023-44156 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 7.5 | 2023-09-27 | CVE-2023-44155 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 8.1 | 2023-09-27 | CVE-2023-44154 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| 7.5 | 2023-09-27 | CVE-2023-44153 | Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |
| 9.1 | 2023-09-27 | CVE-2023-44152 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |
| 7.5 | 2023-08-31 | CVE-2023-41749 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979. |
| 5.5 | 2023-08-31 | CVE-2023-41745 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |
| 7.8 | 2023-08-31 | CVE-2023-41744 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979. |
| 7.8 | 2023-08-31 | CVE-2023-41743 | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. |
| 7.5 | 2023-08-31 | CVE-2023-41742 | Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |
| 7.5 | 2023-05-18 | CVE-2022-45459 | Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. |
| 7.5 | 2023-05-18 | CVE-2022-45458 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. |
| 7.5 | 2023-05-18 | CVE-2022-45457 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. |
| 7.5 | 2023-05-18 | CVE-2022-45453 | TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. |
| 7.8 | 2023-05-18 | CVE-2022-45452 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. |
| 7.5 | 2023-05-18 | CVE-2022-45450 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. |
| 7.8 | 2023-02-13 | CVE-2022-45455 | Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 16% (4) | CWE-276 | Incorrect Default Permissions |
| 12% (3) | CWE-639 | Access Control Bypass Through User-Controlled Key |
| 8% (2) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 8% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 8% (2) | CWE-312 | Cleartext Storage of Sensitive Information |
| 8% (2) | CWE-295 | Certificate Issues |
| 4% (1) | CWE-552 | Files or Directories Accessible to External Parties |
| 4% (1) | CWE-532 | Information Leak Through Log Files |
| 4% (1) | CWE-522 | Insufficiently Protected Credentials |
| 4% (1) | CWE-459 | Incomplete Cleanup |
| 4% (1) | CWE-347 | Improper Verification of Cryptographic Signature |
| 4% (1) | CWE-326 | Inadequate Encryption Strength |
| 4% (1) | CWE-287 | Improper Authentication |
| 4% (1) | CWE-269 | Improper Privilege Management |
| 4% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
