CVE-2023-45249 – Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
https://notcve.org/view.php?id=CVE-2023-45249
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
• https://security-advisory.acronis.com/advisories/SEC-6452
• https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild
• https://attackerkb.com/topics/T2b62daDsL/cve-2023-45249
• CWE-1393: Use of Default Password
CVE-2023-2782
https://notcve.org/view.php?id=CVE-2023-2782
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.
• https://security-advisory.acronis.com/advisories/SEC-3475
• CWE-285: Improper Authorization
• CWE-863: Incorrect Authorization
CVE-2023-2360
https://notcve.org/view.php?id=CVE-2023-2360
Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.
• https://security-advisory.acronis.com/advisories/SEC-4215
• CWE-942: Permissive Cross-domain Policy with Untrusted Domains