Sensitive Information Disclosure in Acronis Cyber Infrastructure by Acronis
CVE-2023-2782

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Infrastructure
Vendor: CVE Published:; 18 May 2023

Summary

This vulnerability presents a risk of sensitive information exposure in Acronis Cyber Infrastructure due to improper authorization processes. Versions of Acronis Cyber Infrastructure prior to build 5.3.1-38 are susceptible, potentially allowing unauthorized access to protected data. It is imperative for users to implement the latest updates to safeguard their systems against exploitation.

Affected Version(s)

Acronis Cyber Infrastructure ACI < 5.3.1-38

References

https://security-advisory.acronis.com/advisories/SEC-3475

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2023
Vulnerability Reserved
May 18, 2023