CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2021-32581
https://notcve.org/view.php?id=CVE-2021-32581
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. Acronis True Image anterior a versión 2021 Update 4 para Windows, Acronis True Image anterior a versión 2021 Update 5 para Mac, Acronis Agent anterior a la compilación 26653, Acronis Cyber Protect anterior a la compilación 27009, no implementaban la comprobación de certificados SSL • https://kb.acronis.com/content/68413 https://kb.acronis.com/content/68419 https://kb.acronis.com/content/68648 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35556
https://notcve.org/view.php?id=CVE-2020-35556
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. Se detectó un problema en Acronis Cyber ??Protect versiones anteriores a 15 Update 1 build 26172. Debido a que el servicio de notificación local configura inapropiadamente CORS, puede ocurrir una divulgación de información • https://dl.managed-protection.com/u/cyberprotect/rn/15/user/en-US/AcronisCyberProtect15_relnotes.htm https://www.acronis.com •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35664
https://notcve.org/view.php?id=CVE-2020-35664
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. Se detectó un problema en Acronis Cyber ??Protect versiones anteriores a 15 Update 1 build 26172. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en la consola • https://dl.managed-protection.com/u/cyberprotect/rn/15/user/en-US/AcronisCyberProtect15_relnotes.htm https://www.acronis.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10138
https://notcve.org/view.php?id=CVE-2020-10138
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. Acronis Cyber ??Backup versión 12.5 y Cyber ?? • https://www.kb.cert.org/vuls/id/114757 • CWE-284: Improper Access Control CWE-665: Improper Initialization •