Sensitive Information Manipulation in Acronis Cyber Protect 15 by Acronis
CVE-2023-44161

3.1LOW

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15
Vendor: CVE Published:; 27 September 2023

Summary

A vulnerability exists in Acronis Cyber Protect 15 that allows for sensitive information manipulation due to cross-site request forgery. Attackers could exploit this flaw to trick users into executing unintended actions within the application, potentially leading to unauthorized access to sensitive data. It is crucial for users to update to build 35979 or newer to mitigate this risk.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 35979

References

https://security-advisory.acronis.com/advisories/SEC-4084

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 26, 2023

Credit

@laz0rde (https://hackerone.com/laz0rde)