Acronis True Image has an unspecified vulnerability

Acronis True Image is a well-known data backup and restore software from Singapore-based Acronis. Acronis True Image 2020 version 24.5.22510 contains a security vulnerability that could be exploited by an attacker to add arbitrary malicious executables to a whitelist or even exclude an entire dri...

Code injection

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to antiransomwareservice.exe. This can be exploited to add an arbitrary malicious...

CVE-2020-9450

Affected product: Acronis True Image 2020 (build 24.5.22510). The issue lies in anti_ransomware_service.exe, whose REST API is exposed for GUI communication and is accessible to unprivileged users. This allows adding arbitrary executables to the whitelist or excluding an entire drive from monitor...

CVE-2020-9450

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to antiransomwareservice.exe. This can be exploited to add an arbitrary malicious...

Acronis: anti_ransomware_service.exe REST API does not require authentication

antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the Acronis True Image 2020 GUI to the antiransomwareservice.exe. This can be exploited to add an arbitary malicious executable to the whitelist or even exclude...