CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45457
https://notcve.org/view.php?id=CVE-2022-45457
18 May 2023 — Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3957 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45452
https://notcve.org/view.php?id=CVE-2022-45452
18 May 2023 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-3967 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45453
https://notcve.org/view.php?id=CVE-2022-45453
18 May 2023 — TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-5112 • CWE-310: Cryptographic Issues CWE-326: Inadequate Encryption Strength •
CVSS: 9.3EPSS: 53%CPEs: 21EXPL: 0CVE-2022-30995
https://notcve.org/view.php?id=CVE-2022-30995
03 May 2023 — Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. • https://security-advisory.acronis.com/advisories/SEC-3855 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 26%CPEs: 21EXPL: 2CVE-2022-3405 – Acronis Cyber Protect/Backup Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-3405
03 May 2023 — Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the... • https://packetstorm.news/files/id/182937 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-45455
https://notcve.org/view.php?id=CVE-2022-45455
13 Feb 2023 — Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4459 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-45454
https://notcve.org/view.php?id=CVE-2022-45454
13 Feb 2023 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-4379 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44746
https://notcve.org/view.php?id=CVE-2022-44746
07 Nov 2022 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. Divulgación de información confidencial debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilación 40107. • https://security-advisory.acronis.com/advisories/SEC-4398 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44745
https://notcve.org/view.php?id=CVE-2022-44745
07 Nov 2022 — Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. Se filtra información sensible a través de archivos de registro. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilación 40107. • https://security-advisory.acronis.com/advisories/SEC-3481 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44744
https://notcve.org/view.php?id=CVE-2022-44744
07 Nov 2022 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Cyber Protect Home Office (Windows) anterior a la compilación 40107. • https://security-advisory.acronis.com/advisories/SEC-2718 • CWE-427: Uncontrolled Search Path Element •