Search criteria
4 vulnerabilities found for Acronis Backup plugin for DirectAdmin by Acronis
CVE-2024-34014 (GCVE-0-2024-34014)
Vulnerability from cvelistv5 – Published: 2024-11-11 13:20 – Updated: 2025-02-27 22:59
VLAI?
Summary
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.8.3.818
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Milos Colakovic (mailto:mcolakovic@godaddy.com)
Nikola Nikolic (mailto:nnikolic@godaddy.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:57:56.705448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T15:58:19.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.3.818",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.9.1.892",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.6.599",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.2.2.181",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos Colakovic (mailto:mcolakovic@godaddy.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Nikola Nikolic (mailto:nnikolic@godaddy.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T22:59:35.050Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7592",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34014",
"datePublished": "2024-11-11T13:20:33.777Z",
"dateReserved": "2024-04-29T15:33:32.845Z",
"dateUpdated": "2025-02-27T22:59:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8767 (GCVE-0-2024-8767)
Vulnerability from cvelistv5 – Published: 2024-09-17 08:51 – Updated: 2024-09-17 13:43
VLAI?
Summary
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
Severity ?
9.9 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 619
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_cpanel_\\\u0026_whm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_cpanel_\\\u0026_whm",
"vendor": "acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_extension_for_plesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_extension_for_plesk",
"vendor": "acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_directadmin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_directadmin",
"vendor": "acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:35:06.655286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:43:37.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T08:51:28.954Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4976",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4976"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-8767",
"datePublished": "2024-09-17T08:51:28.954Z",
"dateReserved": "2024-09-12T20:55:33.303Z",
"dateUpdated": "2024-09-17T13:43:37.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34014 (GCVE-0-2024-34014)
Vulnerability from nvd – Published: 2024-11-11 13:20 – Updated: 2025-02-27 22:59
VLAI?
Summary
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.8.3.818
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Milos Colakovic (mailto:mcolakovic@godaddy.com)
Nikola Nikolic (mailto:nnikolic@godaddy.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:57:56.705448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T15:58:19.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.3.818",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.9.1.892",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.6.599",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.2.2.181",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos Colakovic (mailto:mcolakovic@godaddy.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Nikola Nikolic (mailto:nnikolic@godaddy.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T22:59:35.050Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7592",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34014",
"datePublished": "2024-11-11T13:20:33.777Z",
"dateReserved": "2024-04-29T15:33:32.845Z",
"dateUpdated": "2025-02-27T22:59:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8767 (GCVE-0-2024-8767)
Vulnerability from nvd – Published: 2024-09-17 08:51 – Updated: 2024-09-17 13:43
VLAI?
Summary
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
Severity ?
9.9 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 619
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_cpanel_\\\u0026_whm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_cpanel_\\\u0026_whm",
"vendor": "acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_extension_for_plesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_extension_for_plesk",
"vendor": "acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_directadmin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_directadmin",
"vendor": "acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:35:06.655286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:43:37.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T08:51:28.954Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4976",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4976"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-8767",
"datePublished": "2024-09-17T08:51:28.954Z",
"dateReserved": "2024-09-12T20:55:33.303Z",
"dateUpdated": "2024-09-17T13:43:37.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}