SSL Certificate Validation Flaw in Acronis True Image and Cyber Protect
CVE-2021-32581

8.1HIGH

Key Information:

Vendor
Acronis
Vendor
CVE Published:
5 August 2021

Summary

Certain versions of Acronis True Image and Acronis Cyber Protect did not properly implement SSL certificate validation, potentially allowing attackers to intercept sensitive data during transmission. This oversight could lead to information disclosure and compromise user security. Users are encouraged to update to the latest versions to mitigate the associated risks.

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.