Sensitive Information Disclosure in Acronis Cyber Protect 15 by Acronis
CVE-2023-44159

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-44159?

A security vulnerability has been identified in Acronis Cyber Protect 15, affecting both Linux and Windows platforms, due to the cleartext storage of sensitive information. This flaw can potentially expose confidential user data, compromising the integrity and confidentiality of stored information. Users are encouraged to update to build 35979 or later to mitigate the risks associated with this vulnerability. For more details, refer to the vendor advisory SEC-5787.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-5787

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 26, 2023