Session Invalidation Flaw in Acronis Cyber Protect 16 by Acronis
CVE-2024-56413

Currently unrated

Key Information:

Vendor

Acronis

CVE Published:
2 January 2025

What is CVE-2024-56413?

Acronis Cyber Protect 16 does not invalidate a user's session when that user account is deleted. This flaw potentially allows unauthorized access: a malicious actor could continue to use a session associated with a deleted user account, compromising sensitive information and system integrity. The issue affects Acronis Cyber Protect 16 (Windows) before build 39169. Users of affected builds should review their security measures and consider applying the latest updates to mitigate potential risks.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39169

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@strgt (https://hackerone.com/strgt)