Cyber Protect@* Security Vulnerabilities and Issues — Cyber Protect@* CVE List

Lucene search

AcronisCyber Protect*

11 matches found

CVE•added 2024/02/27 5:15 p.m.•94 views

CVE-2023-48682

Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

6.1CVSS5.9AI score0.00122EPSS

CVE•added 2024/02/27 5:15 p.m.•91 views

CVE-2023-48678

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

5.5CVSS5.3AI score0.0005EPSS

CVE•added 2024/02/27 5:15 p.m.•86 views

CVE-2023-48679

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

5.4CVSS3.8AI score0.00501EPSS

CVE•added 2024/02/27 5:15 p.m.•85 views

CVE-2023-48680

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.

5.5CVSS4AI score0.00129EPSS

CVE•added 2024/02/27 5:15 p.m.•85 views

CVE-2023-48681

Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

6.1CVSS3.9AI score0.00574EPSS

CVE•added 2024/10/15 11:15 a.m.•50 views

CVE-2024-49388

Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

9.1CVSS6.9AI score0.00083EPSS

CVE•added 2024/10/15 11:15 a.m.•48 views

CVE-2024-49387

Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

7.5CVSS6.8AI score0.00048EPSS

CVE•added 2024/07/16 3:15 p.m.•45 views

CVE-2022-45449

Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.

7.7CVSS6.6AI score0.00132EPSS

CVE•added 2024/10/15 11:15 a.m.•42 views

CVE-2024-49383

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

4.3CVSS7.1AI score0.00035EPSS

CVE•added 2024/10/15 11:15 a.m.•41 views

CVE-2024-49382

Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

4.3CVSS7.1AI score0.00035EPSS

CVE•added 2024/10/15 11:15 a.m.•40 views

CVE-2024-49384

Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

4.3CVSS7.1AI score0.00035EPSS