3 results (0.013 seconds)

CVSS: 9.8EPSS: 88%CPEs: 5EXPL: 0

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. • https://security-advisory.acronis.com/advisories/SEC-6452 https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild https://attackerkb.com/topics/T2b62daDsL/cve-2023-45249 • CWE-1393: Use of Default Password •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. • https://security-advisory.acronis.com/advisories/SEC-3475 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. • https://security-advisory.acronis.com/advisories/SEC-4215 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •