
CVE-2021-38087
https://notcve.org/view.php?id=CVE-2021-38087
12 Aug 2021 — Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. • https://kb.acronis.com/content/68564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-38086
https://notcve.org/view.php?id=CVE-2021-38086
12 Aug 2021 — Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. • https://kb.acronis.com/content/68564 • CWE-427: Uncontrolled Search Path Element

CVE-2021-38088
https://notcve.org/view.php?id=CVE-2021-38088
12 Aug 2021 — Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. • https://kb.acronis.com/content/68564

CVE-2021-32581
https://notcve.org/view.php?id=CVE-2021-32581
05 Aug 2021 — Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. • https://kb.acronis.com/content/68413 • CWE-295: Improper Certificate Validation

CVE-2020-35556
https://notcve.org/view.php?id=CVE-2020-35556
22 Feb 2021 — An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. • https://dl.managed-protection.com/u/cyberprotect/rn/15/user/en-US/AcronisCyberProtect15_relnotes.htm

CVE-2020-35664
https://notcve.org/view.php?id=CVE-2020-35664
22 Feb 2021 — An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. • https://dl.managed-protection.com/u/cyberprotect/rn/15/user/en-US/AcronisCyberProtect15_relnotes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-10138
https://notcve.org/view.php?id=CVE-2020-10138
21 Oct 2020 — Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. • https://www.kb.cert.org/vuls/id/114757 • CWE-284: Improper Access Control • CWE-665: Improper Initialization