Sensitive Information Disclosure and Manipulation in Acronis Cyber Protect Products
CVE-2023-45246

7.1HIGH

Key Information:

Vendor
Acronis
Vendor
CVE Published:
6 October 2023

Summary

A vulnerability has been identified in Acronis Cyber Protect products that allows for sensitive information disclosure and manipulation due to missing authorization mechanisms. Users of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 on Linux, macOS, and Windows platforms, especially those running builds prior to 36343 and 39169 respectively, are advised to review the detailed advisory and implement the necessary updates to safeguard their systems.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39169

Acronis Cyber Protect Cloud Agent Linux < 36343

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.