Vulnerabilities (CVE)

Filtered by vendor Acronis Subscribe
Filtered by product Cyber Protect
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44199 2 Acronis, Microsoft 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more 2024-11-21 1.9 LOW 5.5 MEDIUM
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
CVE-2021-44198 2 Acronis, Microsoft 2 Cyber Protect, Windows 2024-11-21 4.4 MEDIUM 7.8 HIGH
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
CVE-2021-38088 2 Acronis, Microsoft 2 Cyber Protect, Windows 2024-11-21 4.6 MEDIUM 7.8 HIGH
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
CVE-2021-38087 1 Acronis 1 Cyber Protect 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
CVE-2021-38086 2 Acronis, Microsoft 2 Cyber Protect, Windows 2024-11-21 4.4 MEDIUM 7.8 HIGH
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
CVE-2020-35664 1 Acronis 1 Cyber Protect 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.
CVE-2020-35556 1 Acronis 1 Cyber Protect 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
CVE-2020-10138 1 Acronis 2 Cyber Backup, Cyber Protect 2024-11-21 7.2 HIGH 7.8 HIGH
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
CVE-2024-49387 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 N/A 7.5 HIGH
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49388 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 N/A 9.1 CRITICAL
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49382 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 N/A 4.3 MEDIUM
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49383 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 N/A 4.3 MEDIUM
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49384 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2024-10-16 N/A 4.3 MEDIUM
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.