CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30992 – Open redirect via user-controlled query parameter
https://notcve.org/view.php?id=CVE-2022-30992
18 May 2022 — Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 Un redireccionamiento abierto por medio de un parámetro de consulta controlado por el usuario. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Linux, Windows) versiones anteriores a 29240 • https://security-advisory.acronis.com/advisories/SEC-2917 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30993 – Cleartext transmission of sensitive information
https://notcve.org/view.php?id=CVE-2022-30993
18 May 2022 — Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 Una transmisión de información confidencial en texto sin cifrar. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Linux, Windows) versiones anteriores a 29240 • https://security-advisory.acronis.com/advisories/SEC-2441 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30994 – Cleartext transmission of sensitive information
https://notcve.org/view.php?id=CVE-2022-30994
18 May 2022 — Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 Una transmisión de información confidencial en texto sin cifrar. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a 29240 • https://security-advisory.acronis.com/advisories/SEC-2388 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-30990 – Sensitive information disclosure due to insecure folder permissions
https://notcve.org/view.php?id=CVE-2022-30990
18 May 2022 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 Una divulgación de información confidencial debido a permisos de carpetas no seguras. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Linux) versiones anteriores a compilación 29240, Acronis Agent (Linux) versiones anteriores a compilación 28037 • https://security-advisory.acronis.com/advisories/SEC-2299 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44200 – Self cross-site scripting (XSS) was possible on devices page
https://notcve.org/view.php?id=CVE-2021-44200
29 Nov 2021 — Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Era posible una vulnerabilidad de tipo cross-site scripting (XSS) propio en la página de dispositivos. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-2803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-44199 – DLL hijacking could lead to denial of service
https://notcve.org/view.php?id=CVE-2021-44199
29 Nov 2021 — DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 Un secuestro de DLL podía conllevar a una denegación de servicio. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilación 28035, Acronis Agent (Windows) versiones anteriores a la compilación 27305, Acronis C... • https://security-advisory.acronis.com/advisories/SEC-2508 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44202 – Stored cross-site scripting (XSS) was possible in activity details
https://notcve.org/view.php?id=CVE-2021-44202
29 Nov 2021 — Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Era posible una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en los detalles de la actividad. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-3283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44203 – Stored cross-site scripting (XSS) was possible in protection plan details
https://notcve.org/view.php?id=CVE-2021-44203
29 Nov 2021 — Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Era posible una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en los detalles del plan de protección. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-3294 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-44198 – DLL hijacking could lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-44198
29 Nov 2021 — DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 Un secuestro de DLL podría conllevar a una escalada de privilegios local. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-2128 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44201 – Cross-site scripting (XSS) was possible in notification pop-ups
https://notcve.org/view.php?id=CVE-2021-44201
29 Nov 2021 — Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Una vulnerabilidad de tipo cross-site scripting (XSS) era posible en las ventanas emergentes de notificación. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-3167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •