Improper Authorization Vulnerability in Acronis Cyber Protect 15 by Acronis
CVE-2023-44154

4.6MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15
Vendor: CVE Published:; 27 September 2023

Summary

Acronis Cyber Protect 15 suffers from a vulnerability that enables sensitive information disclosure and manipulation due to improper authorization. This flaw could potentially allow unauthorized users access to sensitive data, posing a significant security risk. Affected versions include Acronis Cyber Protect 15 for both Linux and Windows platforms, prior to build 35979. Users are advised to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-2436

vendor-advisory

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 26, 2023