Lucene search

AcronisCVELIST:CVE-2022-45456

HistoryApr 26, 2023 - 7:54 p.m.

CVE-2022-45456

2023-04-2619:54:03

CWE-287

Acronis

www.cve.org

denial of service

unauthenticated api endpoint

acronis agent

windows

macos

linux

build 30161.

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

34.1%

JSON

Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.

CNA Affected

[
  {
    "vendor": "Acronis",
    "product": "Acronis Agent",
    "platforms": [
      "Windows",
      "macOS",
      "Linux"
    ],
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "30161",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security-advisory.acronis.com/advisories/SEC-4149

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for CVELIST:CVE-2022-45456