Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45449 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-03-07 | N/A | 6.5 MEDIUM |
| Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||||
| CVE-2024-55541 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-03-06 | N/A | 6.1 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. | |||||
| CVE-2024-55540 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2025-03-06 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | |||||
| CVE-2024-55543 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2025-03-06 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | |||||
| CVE-2023-48678 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48679 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48680 | 3 Acronis, Apple, Microsoft | 3 Cyber Protect, Macos, Windows | 2025-02-06 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | |||||
| CVE-2023-48681 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 6.1 MEDIUM |
| Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48682 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2024-49388 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 9.1 CRITICAL |
| Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49384 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49382 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49387 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 7.5 HIGH |
| Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49383 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2023-44207 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-44206 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 9.1 CRITICAL |
| Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-44205 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 5.3 MEDIUM |
| Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-44161 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-44160 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
| CVE-2023-44159 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||