CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45459
https://notcve.org/view.php?id=CVE-2022-45459
18 May 2023 — Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-45458
https://notcve.org/view.php?id=CVE-2022-45458
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3952 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45457
https://notcve.org/view.php?id=CVE-2022-45457
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3957 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45452
https://notcve.org/view.php?id=CVE-2022-45452
18 May 2023 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3967 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45453
https://notcve.org/view.php?id=CVE-2022-45453
18 May 2023 — TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-5112 • CWE-310: Cryptographic Issues CWE-326: Inadequate Encryption Strength •
CVSS: 9.3EPSS: 53%CPEs: 21EXPL: 0CVE-2022-30995
https://notcve.org/view.php?id=CVE-2022-30995
03 May 2023 — Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. • https://security-advisory.acronis.com/advisories/SEC-3855 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 26%CPEs: 21EXPL: 2CVE-2022-3405 – Acronis Cyber Protect/Backup Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-3405
03 May 2023 — Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the... • https://packetstorm.news/files/id/182937 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45455
https://notcve.org/view.php?id=CVE-2022-45455
13 Feb 2023 — Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4459 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-45454
https://notcve.org/view.php?id=CVE-2022-45454
13 Feb 2023 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4379 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30991 – HTML injection via report name
https://notcve.org/view.php?id=CVE-2022-30991
18 May 2022 — HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 Una Inyección de HTML por medio del nombre del informe. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Linux, Windows) versiones anteriores a 29240 • https://security-advisory.acronis.com/advisories/SEC-3928 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •