Sensitive Information Disclosure and Manipulation in Acronis Cyber Protect Products
CVE-2023-45246
7.1HIGH
Key Information:
- Vendor
- Acronis
- Vendor
- CVE Published:
- 6 October 2023
Summary
A vulnerability has been identified in Acronis Cyber Protect products that allows for sensitive information disclosure and manipulation due to missing authorization mechanisms. Users of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 on Linux, macOS, and Windows platforms, especially those running builds prior to 36343 and 39169 respectively, are advised to review the detailed advisory and implement the necessary updates to safeguard their systems.
Affected Version(s)
Acronis Cyber Protect 16 Linux < 39169
Acronis Cyber Protect Cloud Agent Linux < 36343
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved