Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Acronis Backup plugin for DirectAdmin by Acronis
CVE-2024-34014 (GCVE-0-2024-34014)
Vulnerability from cvelistv5 – Published: 2024-11-11 13:20 – Updated: 2025-02-27 22:59
VLAI
Summary
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.8.3.818
(semver)
|
|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.9.1.892
(semver)
|
|
| Acronis | Acronis Backup extension for Plesk |
Affected:
unspecified , < 1.8.6.599
(semver)
|
|
| Acronis | Acronis Backup plugin for DirectAdmin |
Affected:
unspecified , < 1.2.2.181
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:57:56.705448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T15:58:19.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.3.818",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.9.1.892",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.6.599",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.2.2.181",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos Colakovic (mailto:mcolakovic@godaddy.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Nikola Nikolic (mailto:nnikolic@godaddy.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T22:59:35.050Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7592",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34014",
"datePublished": "2024-11-11T13:20:33.777Z",
"dateReserved": "2024-04-29T15:33:32.845Z",
"dateUpdated": "2025-02-27T22:59:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8767 (GCVE-0-2024-8767)
Vulnerability from cvelistv5 – Published: 2024-09-17 08:51 – Updated: 2024-09-17 13:43
VLAI
Summary
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 619
(semver)
|
|
| Acronis | Acronis Backup extension for Plesk |
Affected:
unspecified , < 555
(semver)
|
|
| Acronis | Acronis Backup plugin for DirectAdmin |
Affected:
unspecified , < 147
(semver)
|
|
| acronis | backup_plugin_for_cpanel_\&_whm |
Affected:
0 , < 619
(semver)
cpe:2.3:a:acronis:backup_plugin_for_cpanel_\&_whm:*:*:*:*:*:*:*:* |
|
| acronis | backup_extension_for_plesk |
Affected:
0 , < 555
(semver)
cpe:2.3:a:acronis:backup_extension_for_plesk:*:*:*:*:*:*:*:* |
|
| acronis | backup_plugin_for_directadmin |
Affected:
0 , < 147
(semver)
cpe:2.3:a:acronis:backup_plugin_for_directadmin:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_cpanel_\\\u0026_whm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_cpanel_\\\u0026_whm",
"vendor": "acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_extension_for_plesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_extension_for_plesk",
"vendor": "acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_directadmin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_directadmin",
"vendor": "acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:35:06.655286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:43:37.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T08:51:28.954Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4976",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4976"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-8767",
"datePublished": "2024-09-17T08:51:28.954Z",
"dateReserved": "2024-09-12T20:55:33.303Z",
"dateUpdated": "2024-09-17T13:43:37.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34014 (GCVE-0-2024-34014)
Vulnerability from nvd – Published: 2024-11-11 13:20 – Updated: 2025-02-27 22:59
VLAI
Summary
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.8.3.818
(semver)
|
|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 1.9.1.892
(semver)
|
|
| Acronis | Acronis Backup extension for Plesk |
Affected:
unspecified , < 1.8.6.599
(semver)
|
|
| Acronis | Acronis Backup plugin for DirectAdmin |
Affected:
unspecified , < 1.2.2.181
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:57:56.705448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T15:58:19.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.3.818",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.9.1.892",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.8.6.599",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "1.2.2.181",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos Colakovic (mailto:mcolakovic@godaddy.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Nikola Nikolic (mailto:nnikolic@godaddy.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T22:59:35.050Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7592",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-34014",
"datePublished": "2024-11-11T13:20:33.777Z",
"dateReserved": "2024-04-29T15:33:32.845Z",
"dateUpdated": "2025-02-27T22:59:35.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8767 (GCVE-0-2024-8767)
Vulnerability from nvd – Published: 2024-09-17 08:51 – Updated: 2024-09-17 13:43
VLAI
Summary
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Backup plugin for cPanel & WHM |
Affected:
unspecified , < 619
(semver)
|
|
| Acronis | Acronis Backup extension for Plesk |
Affected:
unspecified , < 555
(semver)
|
|
| Acronis | Acronis Backup plugin for DirectAdmin |
Affected:
unspecified , < 147
(semver)
|
|
| acronis | backup_plugin_for_cpanel_\&_whm |
Affected:
0 , < 619
(semver)
cpe:2.3:a:acronis:backup_plugin_for_cpanel_\&_whm:*:*:*:*:*:*:*:* |
|
| acronis | backup_extension_for_plesk |
Affected:
0 , < 555
(semver)
cpe:2.3:a:acronis:backup_extension_for_plesk:*:*:*:*:*:*:*:* |
|
| acronis | backup_plugin_for_directadmin |
Affected:
0 , < 147
(semver)
cpe:2.3:a:acronis:backup_plugin_for_directadmin:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_cpanel_\\\u0026_whm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_cpanel_\\\u0026_whm",
"vendor": "acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_extension_for_plesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_extension_for_plesk",
"vendor": "acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:acronis:backup_plugin_for_directadmin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "backup_plugin_for_directadmin",
"vendor": "acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:35:06.655286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:43:37.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for cPanel \u0026 WHM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "619",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup extension for Plesk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "555",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Acronis Backup plugin for DirectAdmin",
"vendor": "Acronis",
"versions": [
{
"lessThan": "147",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T08:51:28.954Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-4976",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4976"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-8767",
"datePublished": "2024-09-17T08:51:28.954Z",
"dateReserved": "2024-09-12T20:55:33.303Z",
"dateUpdated": "2024-09-17T13:43:37.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}