Sensitive Information Exposure in Acronis Agent and Cyber Protect Products
CVE-2022-45450

5.4MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent; Acronis Cyber Protect 15
Vendor: CVE Published:; 18 May 2023

Summary

Acronis Agent and Acronis Cyber Protect 15 are susceptible to vulnerabilities that allow for sensitive information disclosure and manipulation due to improper authorization. This affects various platforms, including Linux, macOS, and Windows, before specified builds. It is critical to ensure your software is updated to the latest builds to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Acronis Agent Linux < 28610

Acronis Cyber Protect 15 Linux < 30984

References

https://security-advisory.acronis.com/advisories/SEC-2410

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2023
Vulnerability Reserved
Nov 16, 2022