Cyber Protect
by Acronis
CVEs (94)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49388 | 0.00 | — | 0.00 | Oct 15, 2024 | Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49387 | 0.00 | — | 0.00 | Oct 15, 2024 | Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49384 | 0.00 | — | 0.00 | Oct 15, 2024 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49383 | 0.00 | — | 0.00 | Oct 15, 2024 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49382 | 0.00 | — | 0.00 | Oct 15, 2024 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2022-45449 | 0.00 | — | 0.00 | Jul 16, 2024 | Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||
| CVE-2023-48682 | 0.00 | — | 0.00 | Feb 27, 2024 | Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-48681 | 0.00 | — | 0.00 | Feb 27, 2024 | Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-48680 | 0.00 | — | 0.00 | Feb 27, 2024 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | |||
| CVE-2023-48679 | 0.00 | — | 0.00 | Feb 27, 2024 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-48678 | 0.00 | — | 0.00 | Feb 27, 2024 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-45247 | 0.00 | — | 0.00 | Oct 9, 2023 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||
| CVE-2023-45248 | 0.00 | — | 0.00 | Oct 9, 2023 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. | |||
| CVE-2023-45246 | 0.00 | — | 0.00 | Oct 6, 2023 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||
| CVE-2023-45244 | 0.00 | — | 0.00 | Oct 6, 2023 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391. | |||
| CVE-2023-45243 | 0.00 | — | 0.00 | Oct 5, 2023 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | |||
| CVE-2023-45242 | 0.00 | — | 0.00 | Oct 5, 2023 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | |||
| CVE-2023-45241 | 0.00 | — | 0.00 | Oct 5, 2023 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391. | |||
| CVE-2023-44213 | 0.00 | — | 0.00 | Oct 5, 2023 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391. | |||
| CVE-2023-44211 | 0.00 | — | 0.00 | Oct 5, 2023 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
- CVE-2024-49388Oct 15, 2024risk 0.00cvss —epss 0.00
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49387Oct 15, 2024risk 0.00cvss —epss 0.00
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49384Oct 15, 2024risk 0.00cvss —epss 0.00
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49383Oct 15, 2024risk 0.00cvss —epss 0.00
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49382Oct 15, 2024risk 0.00cvss —epss 0.00
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2022-45449Jul 16, 2024risk 0.00cvss —epss 0.00
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
- CVE-2023-48682Feb 27, 2024risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-48681Feb 27, 2024risk 0.00cvss —epss 0.00
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-48680Feb 27, 2024risk 0.00cvss —epss 0.00
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
- CVE-2023-48679Feb 27, 2024risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-48678Feb 27, 2024risk 0.00cvss —epss 0.00
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-45247Oct 9, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
- CVE-2023-45248Oct 9, 2023risk 0.00cvss —epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
- CVE-2023-45246Oct 6, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
- CVE-2023-45244Oct 6, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
- CVE-2023-45243Oct 5, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
- CVE-2023-45242Oct 5, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
- CVE-2023-45241Oct 5, 2023risk 0.00cvss —epss 0.00
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
- CVE-2023-44213Oct 5, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
- CVE-2023-44211Oct 5, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
Page 3 of 5