CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4418
https://notcve.org/view.php?id=CVE-2022-4418
18 May 2023 — Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208. • https://security-advisory.acronis.com/advisories/SEC-4729 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-45450
https://notcve.org/view.php?id=CVE-2022-45450
18 May 2023 — Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-2410 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45459
https://notcve.org/view.php?id=CVE-2022-45459
18 May 2023 — Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-45458
https://notcve.org/view.php?id=CVE-2022-45458
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3952 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45457
https://notcve.org/view.php?id=CVE-2022-45457
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3957 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45452
https://notcve.org/view.php?id=CVE-2022-45452
18 May 2023 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3967 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45453
https://notcve.org/view.php?id=CVE-2022-45453
18 May 2023 — TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-5112 • CWE-310: Cryptographic Issues CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2679 – Data leakage in Adobe connector for SPE edition of SLM
https://notcve.org/view.php?id=CVE-2023-2679
17 May 2023 — Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. • https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32552 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32552
17 May 2023 — An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on ... • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-281: Improper Preservation of Permissions •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32553 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32553
17 May 2023 — An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console. The issue result... • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-346: Origin Validation Error •