VYPR

Cyber Backup 12.5

by Acronis

CVEs (4)

  • CVE-2022-30995May 3, 2023
    risk 0.08cvss epss 0.03

    Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

  • CVE-2022-3405May 3, 2023
    risk 0.06cvss epss 0.05

    Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

  • CVE-2020-16171Sep 21, 2020
    risk 0.04cvss epss 0.06

    An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be…

  • CVE-2020-10138Oct 21, 2020
    risk 0.00cvss epss 0.01

    Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because…