Sensitive Information Disclosure in Acronis Agent
CVE-2023-45243

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Agent
Vendor: CVE Published:; 5 October 2023

Summary

A vulnerability in Acronis Agent (Linux, macOS, Windows) prior to build 35739 allows unauthorized access to sensitive information. This arises from insufficient authorization checks, potentially exposing critical data to unauthorized users. It is essential for users of the affected Acronis products to apply the recommended updates to mitigate this risk.

Affected Version(s)

Acronis Agent Linux < 35739

References

https://security-advisory.acronis.com/advisories/SEC-6019

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2023
Vulnerability Reserved
Oct 5, 2023