Sensitive Information Disclosure in Acronis Cyber Infrastructure by Acronis
CVE-2023-2360

7.5HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Infrastructure
Vendor: CVE Published:; 28 April 2023

Summary

The vulnerability in Acronis Cyber Infrastructure arises from a misconfiguration in Cross-Origin Resource Sharing (CORS), which can lead to unauthorized access and disclosure of sensitive information. This issue affects versions prior to build 5.2.0-135, posing potential risks to user data and system integrity. It is crucial for users of Acronis Cyber Infrastructure to review their configurations and apply the necessary updates to safeguard against this vulnerability.

Affected Version(s)

Acronis Cyber Infrastructure ACI < 5.2.0-135

References

https://security-advisory.acronis.com/advisories/SEC-4215

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 28, 2023
Vulnerability Reserved
Apr 27, 2023

Credit

@abdullahdynamo1 (https://hackerone.com/abdullahdynamo1)