Sensitive Information Disclosure in Acronis Cyber Protect and Backup Products
CVE-2022-30995

9.3CRITICAL

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15; Acronis Cyber Backup 12.5
Vendor: CVE Published:; 3 May 2023

Summary

A vulnerability in Acronis Cyber Protect and Cyber Backup products allows unauthorized access to sensitive information due to improper authentication. This issue affects versions prior to the specified builds, posing risks to user data integrity and privacy. Users are strongly advised to apply updates to ensure their systems remain secure.

Affected Version(s)

Acronis Cyber Backup 12.5 Windows < 16545

Acronis Cyber Protect 15 Windows < 29486

References

https://security-advisory.acronis.com/advisories/SEC-3855

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 3, 2023
Vulnerability Reserved
May 18, 2022

Credit

@boldglum (https://hackerone.com/boldglum)

Sandro Tolksdorf of usd AG (https://herolab.usd.de)