Sensitive Information Disclosure in Acronis Agent by Acronis
CVE-2023-45242

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent
Vendor: CVE Published:; 5 October 2023

Summary

A vulnerability in Acronis Agent across Linux, macOS, and Windows platforms allows unauthorized access to sensitive information due to inadequate authorization protocols implemented before build 35739. If left unaddressed, this weakness could potentially expose confidential data, risking user privacy and data integrity.

Affected Version(s)

Acronis Agent Linux < 35739

References

https://security-advisory.acronis.com/advisories/SEC-6018

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Oct 5, 2023