Sensitive Information Disclosure in Acronis Cyber Protect 15
CVE-2023-44156

5.7MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15
Vendor: CVE Published:; 27 September 2023

Summary

The vulnerability presents a risk through sensitive information disclosure due to an issue known as spell-jacking. Affected users utilizing Acronis Cyber Protect 15 on Linux or Windows before build 35979 may be at risk, making it essential to upgrade to the latest version to mitigate potential exposures. For more information, refer to the official security advisory from Acronis.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-5124

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 26, 2023