CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56414
https://notcve.org/view.php?id=CVE-2024-56414
02 Jan 2025 — Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-1911 • CWE-328: Use of Weak Hash •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56413
https://notcve.org/view.php?id=CVE-2024-56413
02 Jan 2025 — Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-7612 • CWE-613: Insufficient Session Expiration •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55540
https://notcve.org/view.php?id=CVE-2024-55540
02 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-2245 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55543
https://notcve.org/view.php?id=CVE-2024-55543
02 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-6418 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49385
https://notcve.org/view.php?id=CVE-2024-49385
02 Jan 2025 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736. • https://security-advisory.acronis.com/advisories/SEC-2397 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55538
https://notcve.org/view.php?id=CVE-2024-55538
02 Jan 2025 — Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736. • https://security-advisory.acronis.com/advisories/SEC-2209 • CWE-306: Missing Authentication for Critical Function •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55539
https://notcve.org/view.php?id=CVE-2024-55539
23 Dec 2024 — Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185. Algoritmo débil utilizado para firmar el paquete RPM. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Linux) antes de la compilación 39185. • https://security-advisory.acronis.com/advisories/SEC-5825 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34015
https://notcve.org/view.php?id=CVE-2024-34015
11 Nov 2024 — Sensitive information disclosure during file browsing due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818. Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892. Sensitive information disclosure during file br... • https://security-advisory.acronis.com/advisories/SEC-7601 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34014
https://notcve.org/view.php?id=CVE-2024-34014
11 Nov 2024 — Arbitrary file overwrite during recovery due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181. Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plug... • https://security-advisory.acronis.com/advisories/SEC-7592 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49386
https://notcve.org/view.php?id=CVE-2024-49386
17 Oct 2024 — Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. Divulgación de información confidencial debido a la piratería de hechizos. Los siguientes productos se ven afectados: Acronis Cyber Files (Windows) antes de la compilación 9.0.0x24. • https://security-advisory.acronis.com/advisories/SEC-5129 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •