Sensitive Information Transmitted in Clear Text in Acronis Cyber Protect 16 Before Build 38690
CVE-2024-49387

7.5HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-49387?

Acronis Cyber Protect 16 (Linux, Windows) before build 38690 is susceptible to a vulnerability allowing the cleartext transmission of sensitive information within the acep-collector service. This flaw may expose critical data to unauthorized interception, potentially compromising the integrity and confidentiality of user information. Users of the affected versions are encouraged to apply the necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 38690

References

https://security-advisory.acronis.com/advisories/SEC-7022

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 14, 2024