Sensitive Information Disclosure in Acronis Agent by Acronis
CVE-2023-44214

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent
Vendor: CVE Published:; 5 October 2023

What is CVE-2023-44214?

A vulnerability in Acronis Agent allows for sensitive information disclosure due to inadequate authorization controls. This issue affects multiple platforms, including Linux, macOS, and Windows, prior to build 35739. Unauthorized users could potentially gain access to confidential data, highlighting an urgent need for users to update to the latest version to safeguard their information.

Affected Version(s)

Acronis Agent Linux < 35739

References

https://security-advisory.acronis.com/advisories/SEC-5902

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Sep 26, 2023

JSON