Cyber Protect
by Acronis
CVEs (94)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30994 | 0.00 | — | 0.01 | May 18, 2022 | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 | |||
| CVE-2021-44204 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build… | |||
| CVE-2021-44200 | 0.00 | — | 0.00 | Nov 29, 2021 | Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-44199 | 0.00 | — | 0.00 | Nov 29, 2021 | DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 | |||
| CVE-2021-44202 | 0.00 | — | 0.00 | Nov 29, 2021 | Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-44203 | 0.00 | — | 0.00 | Nov 29, 2021 | Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-44198 | 0.00 | — | 0.00 | Nov 29, 2021 | DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 | |||
| CVE-2021-44201 | 0.00 | — | 0.01 | Nov 29, 2021 | Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-38087 | 0.00 | — | 0.01 | Aug 12, 2021 | Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | |||
| CVE-2021-38088 | 0.00 | — | 0.00 | Aug 12, 2021 | Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | |||
| CVE-2021-32581 | 0.00 | — | 0.01 | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | |||
| CVE-2020-35556 | 0.00 | — | 0.01 | Feb 22, 2021 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. | |||
| CVE-2020-35664 | 0.00 | — | 0.01 | Feb 22, 2021 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. | |||
| CVE-2020-10138 | 0.00 | — | 0.01 | Oct 21, 2020 | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because… |
- CVE-2022-30994May 18, 2022risk 0.00cvss —epss 0.01
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
- CVE-2021-44204Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build…
- CVE-2021-44200Nov 29, 2021risk 0.00cvss —epss 0.00
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-44199Nov 29, 2021risk 0.00cvss —epss 0.00
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
- CVE-2021-44202Nov 29, 2021risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-44203Nov 29, 2021risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-44198Nov 29, 2021risk 0.00cvss —epss 0.00
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
- CVE-2021-44201Nov 29, 2021risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-38087Aug 12, 2021risk 0.00cvss —epss 0.01
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
- CVE-2021-38088Aug 12, 2021risk 0.00cvss —epss 0.00
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
- CVE-2021-32581Aug 5, 2021risk 0.00cvss —epss 0.01
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
- CVE-2020-35556Feb 22, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
- CVE-2020-35664Feb 22, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.
- CVE-2020-10138Oct 21, 2020risk 0.00cvss —epss 0.01
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because…
Page 5 of 5