Search criteria
117 vulnerabilities found for agent by acronis
FKIE_CVE-2023-48676
Vulnerability from fkie_nvd - Published: 2023-12-14 14:15 - Updated: 2025-05-01 15:41
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48CA4F1C-287B-4557-8974-B00A924543AC",
"versionEndExcluding": "c23.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilaci\u00f3n 36943."
}
],
"id": "CVE-2023-48676",
"lastModified": "2025-05-01T15:41:34.473",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T14:15:43.673",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5905"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45247
Vulnerability from fkie_nvd - Published: 2023-10-09 12:15 - Updated: 2025-01-02 16:15
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2350C6-F413-4C61-9FB2-49D7AD08E73F",
"versionEndExcluding": "c23.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 36497."
}
],
"id": "CVE-2023-45247",
"lastModified": "2025-01-02T16:15:07.420",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-09T12:15:10.277",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6600"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45248
Vulnerability from fkie_nvd - Published: 2023-10-09 12:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2350C6-F413-4C61-9FB2-49D7AD08E73F",
"versionEndExcluding": "c23.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391."
},
{
"lang": "es",
"value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilaci\u00f3n 36497."
}
],
"id": "CVE-2023-45248",
"lastModified": "2024-11-21T08:26:38.847",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-09T12:15:10.347",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6052"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45246
Vulnerability from fkie_nvd - Published: 2023-10-06 11:15 - Updated: 2025-01-02 16:15
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36927E70-C86C-4864-B777-50F2AD5EF7CB",
"versionEndExcluding": "c23.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por autenticaci\u00f3n inadecuada. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 36343."
}
],
"id": "CVE-2023-45246",
"lastModified": "2025-01-02T16:15:07.270",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-06T11:15:11.447",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5903"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45245
Vulnerability from fkie_nvd - Published: 2023-10-06 10:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E1FCDE-38D5-49F2-86E4-73CF78AA723E",
"versionEndExcluding": "c23.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 36119."
}
],
"id": "CVE-2023-45245",
"lastModified": "2024-11-21T08:26:37.663",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-06T10:15:18.450",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6017"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45244
Vulnerability from fkie_nvd - Published: 2023-10-06 10:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFE59C-A608-45AD-B1EC-AD2FFE5A3E2C",
"versionEndExcluding": "c23.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35895."
}
],
"id": "CVE-2023-45244",
"lastModified": "2024-11-21T08:26:37.540",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-06T10:15:18.047",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5907"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-44212
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:25
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C48880C-A725-47B7-89C3-06963A2B89B1",
"versionEndExcluding": "c23.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 31477."
}
],
"id": "CVE-2023-44212",
"lastModified": "2024-11-21T08:25:27.130",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.447",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/SEC-2159"
},
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/SEC-2159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5528"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45242
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E",
"versionEndExcluding": "c23.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"id": "CVE-2023-45242",
"lastModified": "2024-11-21T08:26:37.277",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.827",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6018"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45243
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E",
"versionEndExcluding": "c23.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"id": "CVE-2023-45243",
"lastModified": "2024-11-21T08:26:37.407",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.890",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6019"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45240
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E",
"versionEndExcluding": "c23.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"id": "CVE-2023-45240",
"lastModified": "2024-11-21T08:26:37.017",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.680",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5904"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-45241
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E",
"versionEndExcluding": "c23.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
},
{
"lang": "es",
"value": "Se filtra informaci\u00f3n confidencial a trav\u00e9s de archivos de registro. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"id": "CVE-2023-45241",
"lastModified": "2024-11-21T08:26:37.147",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.757",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5999"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-44211
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:25
Severity ?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1",
"versionEndExcluding": "c23.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 31637."
}
],
"id": "CVE-2023-44211",
"lastModified": "2024-11-21T08:25:27.013",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.377",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-4061"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-44213
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:25
Severity ?
Summary
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E",
"versionEndExcluding": "c23.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible debido a la recopilaci\u00f3n excesiva de informaci\u00f3n del sistema. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilaci\u00f3n 35739."
}
],
"id": "CVE-2023-44213",
"lastModified": "2024-11-21T08:25:27.287",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.520",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5286"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-44214
Vulnerability from fkie_nvd - Published: 2023-10-05 22:15 - Updated: 2024-11-21 08:25
Severity ?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E",
"versionEndExcluding": "c23.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739."
}
],
"id": "CVE-2023-44214",
"lastModified": "2024-11-21T08:25:27.413",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@acronis.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-05T22:15:12.587",
"references": [
{
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5902"
}
],
"sourceIdentifier": "security@acronis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@acronis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-48676 (GCVE-0-2023-48676)
Vulnerability from cvelistv5 – Published: 2023-12-14 13:32 – Updated: 2024-08-02 21:37
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36943
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-5905",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36943",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T13:32:28.791Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5905",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5905"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-48676",
"datePublished": "2023-12-14T13:32:28.791Z",
"dateReserved": "2023-11-17T14:33:30.399Z",
"dateUpdated": "2024-08-02T21:37:54.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45247 (GCVE-0-2023-45247)
Vulnerability from cvelistv5 – Published: 2023-10-09 11:09 – Updated: 2025-06-16 17:05
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36497
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6600",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6600"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agent",
"vendor": "acronis",
"versions": [
{
"lessThan": "36497",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T17:05:17.803696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T17:05:43.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36497",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39169",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T15:25:01.362Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6600",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6600"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45247",
"datePublished": "2023-10-09T11:09:00.897Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2025-06-16T17:05:43.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45248 (GCVE-0-2023-45248)
Vulnerability from cvelistv5 – Published: 2023-10-09 11:08 – Updated: 2025-06-16 17:06
VLAI?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
Severity ?
6.6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36497
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6052",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6052"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T16:09:28.243028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T17:06:45.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36497",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "37391",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T16:55:03.256Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6052",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6052"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45248",
"datePublished": "2023-10-09T11:08:37.009Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2025-06-16T17:06:45.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45246 (GCVE-0-2023-45246)
Vulnerability from cvelistv5 – Published: 2023-10-06 10:07 – Updated: 2025-01-02 15:25
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36343
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-5903",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5903"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cyber_protect_cloud_agent",
"vendor": "acronis",
"versions": [
{
"lessThan": "36343",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:26:17.297377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:30:05.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36343",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39169",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T15:25:18.885Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5903",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5903"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45246",
"datePublished": "2023-10-06T10:07:06.167Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2025-01-02T15:25:18.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45245 (GCVE-0-2023-45245)
Vulnerability from cvelistv5 – Published: 2023-10-06 09:53 – Updated: 2024-09-19 18:30
VLAI?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Affected:
unspecified , < 36119
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6017",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6017"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:30:32.703074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:30:43.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36119",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T09:53:55.524Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6017",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45245",
"datePublished": "2023-10-06T09:53:55.524Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2024-09-19T18:30:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45244 (GCVE-0-2023-45244)
Vulnerability from cvelistv5 – Published: 2023-10-06 09:47 – Updated: 2024-08-02 20:14
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 35895
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-5907",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35895",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "37391",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T16:53:48.749Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5907",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5907"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45244",
"datePublished": "2023-10-06T09:47:15.441Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2024-08-02T20:14:19.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45243 (GCVE-0-2023-45243)
Vulnerability from cvelistv5 – Published: 2023-10-05 21:57 – Updated: 2024-09-19 17:28
VLAI?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Affected:
unspecified , < 35739
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6019",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6019"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T17:28:12.048552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T17:28:23.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35739",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-05T21:57:49.413Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6019",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6019"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45243",
"datePublished": "2023-10-05T21:57:49.413Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2024-09-19T17:28:23.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45242 (GCVE-0-2023-45242)
Vulnerability from cvelistv5 – Published: 2023-10-05 21:57 – Updated: 2024-09-19 17:30
VLAI?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Affected:
unspecified , < 35739
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6018",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6018"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T17:30:15.068298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T17:30:32.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35739",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-05T21:57:35.406Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6018",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6018"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45242",
"datePublished": "2023-10-05T21:57:35.406Z",
"dateReserved": "2023-10-05T21:47:00.378Z",
"dateUpdated": "2024-09-19T17:30:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48676 (GCVE-0-2023-48676)
Vulnerability from nvd – Published: 2023-12-14 13:32 – Updated: 2024-08-02 21:37
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36943
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-5905",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36943",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T13:32:28.791Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5905",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5905"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-48676",
"datePublished": "2023-12-14T13:32:28.791Z",
"dateReserved": "2023-11-17T14:33:30.399Z",
"dateUpdated": "2024-08-02T21:37:54.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45247 (GCVE-0-2023-45247)
Vulnerability from nvd – Published: 2023-10-09 11:09 – Updated: 2025-06-16 17:05
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36497
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6600",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6600"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agent",
"vendor": "acronis",
"versions": [
{
"lessThan": "36497",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T17:05:17.803696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T17:05:43.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36497",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39169",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T15:25:01.362Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6600",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6600"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45247",
"datePublished": "2023-10-09T11:09:00.897Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2025-06-16T17:05:43.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45248 (GCVE-0-2023-45248)
Vulnerability from nvd – Published: 2023-10-09 11:08 – Updated: 2025-06-16 17:06
VLAI?
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
Severity ?
6.6 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36497
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6052",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6052"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T16:09:28.243028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T17:06:45.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36497",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "37391",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T16:55:03.256Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6052",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6052"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45248",
"datePublished": "2023-10-09T11:08:37.009Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2025-06-16T17:06:45.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45246 (GCVE-0-2023-45246)
Vulnerability from nvd – Published: 2023-10-06 10:07 – Updated: 2025-01-02 15:25
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 36343
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-5903",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5903"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cyber_protect_cloud_agent",
"vendor": "acronis",
"versions": [
{
"lessThan": "36343",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:26:17.297377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:30:05.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36343",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39169",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T15:25:18.885Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5903",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5903"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45246",
"datePublished": "2023-10-06T10:07:06.167Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2025-01-02T15:25:18.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45245 (GCVE-0-2023-45245)
Vulnerability from nvd – Published: 2023-10-06 09:53 – Updated: 2024-09-19 18:30
VLAI?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Affected:
unspecified , < 36119
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6017",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6017"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:30:32.703074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:30:43.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "36119",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T09:53:55.524Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6017",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6017"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45245",
"datePublished": "2023-10-06T09:53:55.524Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2024-09-19T18:30:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45244 (GCVE-0-2023-45244)
Vulnerability from nvd – Published: 2023-10-06 09:47 – Updated: 2024-08-02 20:14
VLAI?
Summary
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 35895
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-5907",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35895",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "37391",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T16:53:48.749Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5907",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5907"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45244",
"datePublished": "2023-10-06T09:47:15.441Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2024-08-02T20:14:19.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45243 (GCVE-0-2023-45243)
Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2024-09-19 17:28
VLAI?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Affected:
unspecified , < 35739
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6019",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6019"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T17:28:12.048552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T17:28:23.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35739",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-05T21:57:49.413Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6019",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6019"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45243",
"datePublished": "2023-10-05T21:57:49.413Z",
"dateReserved": "2023-10-05T21:47:00.379Z",
"dateUpdated": "2024-09-19T17:28:23.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45242 (GCVE-0-2023-45242)
Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2024-09-19 17:30
VLAI?
Summary
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
Severity ?
5.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Acronis | Acronis Agent |
Affected:
unspecified , < 35739
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SEC-6018",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6018"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T17:30:15.068298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T17:30:32.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35739",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-05T21:57:35.406Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-6018",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-6018"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2023-45242",
"datePublished": "2023-10-05T21:57:35.406Z",
"dateReserved": "2023-10-05T21:47:00.378Z",
"dateUpdated": "2024-09-19T17:30:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}