Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cyber_protect
(Acronis)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 62 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-44156 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 7.5 | ||
| 2023-09-27 | CVE-2023-44157 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | Cyber_protect | 7.8 | ||
| 2023-09-27 | CVE-2023-44158 | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 7.5 | ||
| 2023-09-27 | CVE-2023-44159 | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 7.5 | ||
| 2023-09-27 | CVE-2023-44160 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 6.5 | ||
| 2023-09-27 | CVE-2023-44161 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 6.5 | ||
| 2023-09-27 | CVE-2023-44205 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 5.3 | ||
| 2023-09-27 | CVE-2023-44206 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 9.1 | ||
| 2023-09-27 | CVE-2023-44207 | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | Cyber_protect | 5.4 | ||
| 2020-10-21 | CVE-2020-10138 | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | Cyber_backup, Cyber_protect | 7.8 |