Sensitive Information Disclosure in Acronis Cyber Protect Software Products
CVE-2023-44158

3.5LOW

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15
Vendor: CVE Published:; 27 September 2023

Summary

A vulnerability exists in Acronis Cyber Protect 15 that allows for the disclosure of sensitive information due to inadequate masking of token fields. This flaw may expose potentially confidential data to unauthorized users, impacting the overall security posture of systems running affected versions of the software.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-4071

vendor-advisory

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 26, 2023