Cross-Site Request Forgery Vulnerability in Acronis Cyber Protect 15
CVE-2023-44160

6.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15
Vendor: CVE Published:; 27 September 2023

Summary

A vulnerability in Acronis Cyber Protect 15 allows for sensitive information manipulation due to cross-site request forgery. This could potentially allow an attacker to trick a user into submitting unwanted actions on their behalf, impacting the integrity and confidentiality of user data. This issue affects both Linux and Windows versions of the product prior to build 35979. Affected users are advised to upgrade to the latest version to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-4083

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 26, 2023

Credit

@laz0rde (https://hackerone.com/laz0rde)