Sensitive Information Disclosure in Acronis True Image by Acronis
CVE-2024-55538

4MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis True Image; Acronis True Image Oem
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-55538?

A vulnerability has been identified in Acronis True Image where sensitive information can be disclosed due to insufficient authentication measures. This affects users of both the macOS and Windows versions of the software, specifically those using versions prior to build 41725 for macOS and build 41736 for Windows. Without adequate protective measures, unauthorized users may gain access to sensitive data, posing a risk to user privacy and data integrity. It is crucial for users to update their applications to the latest builds to mitigate this vulnerability.

Affected Version(s)

Acronis True Image macOS < 41725

Acronis True Image OEM macOS < 42571

Acronis True Image OEM Windows < 42575

References

https://security-advisory.acronis.com/advisories/SEC-2209

vendor-advisory

CVSS V3.0

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 6, 2024

CVE-2024-55538 Data

JSON