Sensitive Information Disclosure in Acronis Cyber Protect Home Office
CVE-2023-44208

9.1CRITICAL

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Home Office
Vendor: CVE Published:; 4 October 2023

Summary

This vulnerability arises from a missing authorization mechanism, allowing unauthorized access to sensitive information within the Acronis Cyber Protect Home Office application. This can lead to potential data manipulation, putting user data at risk. Affected users should promptly update to the latest version to mitigate these risks.

Affected Version(s)

Acronis Cyber Protect Home Office Windows < 40713

References

https://security-advisory.acronis.com/advisories/SEC-6587

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Sep 26, 2023