CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49382
https://notcve.org/view.php?id=CVE-2024-49382
15 Oct 2024 — Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. Superficie de ataque excesiva en el servicio de servidor de archivos debido a la vinculación a una dirección IP sin restricciones. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 38690. • https://security-advisory.acronis.com/advisories/SEC-7286 • CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8766
https://notcve.org/view.php?id=CVE-2024-8766
16 Sep 2024 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-7218 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34010
https://notcve.org/view.php?id=CVE-2024-34010
29 Apr 2024 — Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. Escalada de privilegios locales debido a una vulnerabilidad de ruta de búsqueda sin comillas. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilación 37758. Local privilege escalation due to unquoted search path vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7110 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48683
https://notcve.org/view.php?id=CVE-2023-48683
29 Apr 2024 — Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) antes de la compilación 37758. Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-5899 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48682
https://notcve.org/view.php?id=CVE-2023-48682
27 Feb 2024 — Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. Vulnerabilidad de cross-site scripting (XSS) almacenado en el nombre de la unidad. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 37391. • https://security-advisory.acronis.com/advisories/SEC-5901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48681
https://notcve.org/view.php?id=CVE-2023-48681
27 Feb 2024 — Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. Vulnerabilidad de cross-site scripting (XSS) en el campo de búsqueda de nodos de almacenamiento. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 37391. • https://security-advisory.acronis.com/advisories/SEC-5900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48680
https://notcve.org/view.php?id=CVE-2023-48680
27 Feb 2024 — Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. Divulgación de información sensible debido a la recopilación excesiva de información del sistema. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (macOS, Windows) antes de la compilación 37391. • https://security-advisory.acronis.com/advisories/SEC-5392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48679
https://notcve.org/view.php?id=CVE-2023-48679
27 Feb 2024 — Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. Vulnerabilidad de cross-site scripting (XSS) almacenadas debido a la falta de validación de origen en postMessage. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 37391. • https://security-advisory.acronis.com/advisories/SEC-3469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48678
https://notcve.org/view.php?id=CVE-2023-48678
27 Feb 2024 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. Divulgación de información confidencial debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 37391. • https://security-advisory.acronis.com/advisories/SEC-2319 • CWE-276: Incorrect Default Permissions •