VYPR

Cyber Protect

by Acronis

CVEs (94)

  • CVE-2022-30994May 18, 2022
    risk 0.00cvss epss 0.01

    Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

  • CVE-2021-44204Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build…

  • CVE-2021-44200Nov 29, 2021
    risk 0.00cvss epss 0.00

    Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-44199Nov 29, 2021
    risk 0.00cvss epss 0.00

    DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612

  • CVE-2021-44202Nov 29, 2021
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-44203Nov 29, 2021
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-44198Nov 29, 2021
    risk 0.00cvss epss 0.00

    DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035

  • CVE-2021-44201Nov 29, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-38087Aug 12, 2021
    risk 0.00cvss epss 0.01

    Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.

  • CVE-2021-38088Aug 12, 2021
    risk 0.00cvss epss 0.00

    Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

  • CVE-2021-32581Aug 5, 2021
    risk 0.00cvss epss 0.01

    Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.

  • CVE-2020-35556Feb 22, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.

  • CVE-2020-35664Feb 22, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.

  • CVE-2020-10138Oct 21, 2020
    risk 0.00cvss epss 0.01

    Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because…

Page 5 of 5