CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-44154
https://notcve.org/view.php?id=CVE-2023-44154
27 Sep 2023 — Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. Divulgación y manipulación de información sensible por autorización indebida. Los siguientes productos se ven afectados: Acronis Cyber Protect 15 (Linux, Windows) antes de la build 35979. • https://security-advisory.acronis.com/advisories/SEC-2436 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44153
https://notcve.org/view.php?id=CVE-2023-44153
27 Sep 2023 — Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. Divulgación de información confidencial debido al almacenamiento en texto claro de información confidencial en la memoria. Los siguientes productos se ven afectados: Acronis Cyber Protect 15 (Linux, macOS, Windows) antes de la build 35979. • https://security-advisory.acronis.com/advisories/SEC-1994 • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 9.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44152
https://notcve.org/view.php?id=CVE-2023-44152
27 Sep 2023 — Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. Divulgación y manipulación de información sensible por autenticación inadecuada. Los siguientes productos se ven afectados: Acronis Cyber Protect 15 (Linux, macOS, Windows) antes de la build 35979. • https://security-advisory.acronis.com/advisories/SEC-1908 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-45450
https://notcve.org/view.php?id=CVE-2022-45450
18 May 2023 — Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-2410 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45459
https://notcve.org/view.php?id=CVE-2022-45459
18 May 2023 — Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-45458
https://notcve.org/view.php?id=CVE-2022-45458
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3952 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45457
https://notcve.org/view.php?id=CVE-2022-45457
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3957 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45452
https://notcve.org/view.php?id=CVE-2022-45452
18 May 2023 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3967 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45453
https://notcve.org/view.php?id=CVE-2022-45453
18 May 2023 — TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-5112 • CWE-310: Cryptographic Issues CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30991 – HTML injection via report name
https://notcve.org/view.php?id=CVE-2022-30991
18 May 2022 — HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 Una Inyección de HTML por medio del nombre del informe. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Linux, Windows) versiones anteriores a 29240 • https://security-advisory.acronis.com/advisories/SEC-3928 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •