Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44199 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 | |||||
CVE-2021-44198 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 | |||||
CVE-2021-38088 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | |||||
CVE-2021-38087 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | |||||
CVE-2021-38086 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. | |||||
CVE-2020-35664 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. | |||||
CVE-2020-35556 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. | |||||
CVE-2020-10138 | 1 Acronis | 2 Cyber Backup, Cyber Protect | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | |||||
CVE-2024-49387 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-10-16 | N/A | 7.5 HIGH |
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
CVE-2024-49388 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-10-16 | N/A | 9.1 CRITICAL |
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
CVE-2024-49382 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-10-16 | N/A | 4.3 MEDIUM |
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
CVE-2024-49383 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-10-16 | N/A | 4.3 MEDIUM |
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
CVE-2024-49384 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-10-16 | N/A | 4.3 MEDIUM |
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |