CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55540
https://notcve.org/view.php?id=CVE-2024-55540
02 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-2245 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55543
https://notcve.org/view.php?id=CVE-2024-55543
02 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-6418 • CWE-427: Uncontrolled Search Path Element •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55539
https://notcve.org/view.php?id=CVE-2024-55539
23 Dec 2024 — Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185. Algoritmo débil utilizado para firmar el paquete RPM. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Linux) antes de la compilación 39185. • https://security-advisory.acronis.com/advisories/SEC-5825 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49388
https://notcve.org/view.php?id=CVE-2024-49388
15 Oct 2024 — Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. Manipulación de información confidencial debido a una autorización indebida. Los siguientes productos están afectados: Acronis Cyber Protect 16 (Linux, Windows) anterior a la compilación 38690. • https://security-advisory.acronis.com/advisories/SEC-5984 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49387
https://notcve.org/view.php?id=CVE-2024-49387
15 Oct 2024 — Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. Transmisión de texto plano de información confidencial en el servicio acep-collector. Los siguientes productos están afectados: Acronis Cyber Protect 16 (Linux, Windows) anterior a la compilación 38690. • https://security-advisory.acronis.com/advisories/SEC-7022 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49384
https://notcve.org/view.php?id=CVE-2024-49384
15 Oct 2024 — Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. Superficie de ataque excesiva en el servicio acep-collector debido a la vinculación a una dirección IP sin restricciones. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 38690. • https://security-advisory.acronis.com/advisories/SEC-7284 • CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49383
https://notcve.org/view.php?id=CVE-2024-49383
15 Oct 2024 — Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. Superficie de ataque excesiva en el servicio acep-importer debido a la vinculación a una dirección IP sin restricciones. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 38690. • https://security-advisory.acronis.com/advisories/SEC-7285 • CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49382
https://notcve.org/view.php?id=CVE-2024-49382
15 Oct 2024 — Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. Superficie de ataque excesiva en el servicio de servidor de archivos debido a la vinculación a una dirección IP sin restricciones. Los siguientes productos se ven afectados: Acronis Cyber Protect 16 (Linux, Windows) antes de la compilación 38690. • https://security-advisory.acronis.com/advisories/SEC-7286 • CWE-1327: Binding to an Unrestricted IP Address •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8903
https://notcve.org/view.php?id=CVE-2024-8903
23 Sep 2024 — Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565. Manipulación de la configuración del servicio de protección activa local debido a la asignación innecesaria de privilegios. Los siguientes productos se ven afectados: Acronis Cyber ??Protect Cloud Agent (Windows, macOS) antes de la compilación 38565. • https://security-advisory.acronis.com/advisories/SEC-7510 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8766
https://notcve.org/view.php?id=CVE-2024-8766
16 Sep 2024 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-7218 • CWE-427: Uncontrolled Search Path Element •