Acronis Cyber Protect 15 vulnerabilities
47 known vulnerabilities affecting acronis/acronis_cyber_protect_15.
Total CVEs
47
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH28MEDIUM13
Vulnerabilities
Page 2 of 3
CVE-2022-24113P3HIGHCVSS 7.8≥ unspecified, < 280352022-02-04
CVE-2022-24113 [HIGH] CWE-250 CVE-2022-24113: Local privilege escalation due to excessive permissions assigned to child processes. The following p
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
nvd
CVE-2021-44204P3HIGHCVSS 7.8≥ unspecified, < 280352022-02-04
CVE-2021-44204 [HIGH] CWE-285 CVE-2021-44204: Local privilege escalation via named pipe due to improper access control checks. The following produ
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
nvd
CVE-2022-45452P3HIGHCVSS 7.8≥ unspecified, < 309842023-05-18
CVE-2022-45452 [HIGH] CWE-269 CVE-2022-45452: Local privilege escalation due to insecure folder permissions. The following products are affected:
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2022-45455P3HIGHCVSS 7.8≥ unspecified, < 309842023-02-13
CVE-2022-45455 [HIGH] CWE-459 CVE-2022-45455: Local privilege escalation due to incomplete uninstallation cleanup. The following products are affe
Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2023-41744P3HIGHCVSS 7.8≥ unspecified, < 359792023-08-31
CVE-2023-41744 [HIGH] CWE-347 CVE-2023-41744: Local privilege escalation due to unrestricted loading of unsigned libraries. The following products
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.
nvd
CVE-2022-30990P3HIGHCVSS 7.5≥ unspecified, < 292402022-05-18
CVE-2022-30990 [HIGH] CWE-200 CVE-2022-30990: Sensitive information disclosure due to insecure folder permissions. The following products are affe
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
nvd
CVE-2023-44158P3HIGHCVSS 7.5≥ unspecified, < 359792023-09-27
CVE-2023-44158 [HIGH] CWE-522 CVE-2023-44158: Sensitive information disclosure due to insufficient token field masking. The following products are
Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2022-30993P3HIGHCVSS 7.5≥ unspecified, < 292402022-05-18
CVE-2022-30993 [HIGH] CWE-319 CVE-2022-30993: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
nvd
CVE-2022-30994P3HIGHCVSS 7.5≥ unspecified, < 292402022-05-18
CVE-2022-30994 [HIGH] CWE-319 CVE-2022-30994: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
nvd
CVE-2023-44159P3HIGHCVSS 7.5≥ unspecified, < 359792023-09-27
CVE-2023-44159 [HIGH] CWE-312 CVE-2023-44159: Sensitive information disclosure due to cleartext storage of sensitive information. The following pr
Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2023-41749P3HIGHCVSS 7.5≥ unspecified, < 359792023-08-31
CVE-2023-41749 [HIGH] CWE-200 CVE-2023-41749: Sensitive information disclosure due to excessive collection of system information. The following pr
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.
nvd
CVE-2022-45459P3HIGHCVSS 7.5≥ unspecified, < 309842023-05-18
CVE-2022-45459 [HIGH] CWE-200 CVE-2022-45459: Sensitive information disclosure due to insecure registry permissions. The following products are af
Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2022-45454P3HIGHCVSS 7.5fixed in 309842023-02-13
CVE-2022-45454 [HIGH] CWE-200 CVE-2022-45454: Sensitive information disclosure due to insecure folder permissions. The following products are affe
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2021-44198P3HIGHCVSS 7.8≥ unspecified, < 280352021-11-29
CVE-2021-44198 [HIGH] CWE-427 CVE-2021-44198: DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
nvd
CVE-2022-45449P3MEDIUMCVSS 6.5≥ unspecified, < 309842024-07-16
CVE-2022-45449 [MEDIUM] CWE-200 CVE-2022-45449: Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The followin
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
nvd
CVE-2023-44161P4MEDIUMCVSS 6.5≥ unspecified, < 359792023-09-27
CVE-2023-44161 [MEDIUM] CWE-352 CVE-2023-44161: Sensitive information manipulation due to cross-site request forgery. The following products are aff
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2023-44160P4MEDIUMCVSS 6.5≥ unspecified, < 359792023-09-27
CVE-2023-44160 [MEDIUM] CWE-352 CVE-2023-44160: Sensitive information manipulation due to cross-site request forgery. The following products are aff
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2022-30991P4MEDIUMCVSS 6.1≥ unspecified, < 292402022-05-18
CVE-2022-30991 [MEDIUM] CWE-74 CVE-2022-30991: HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
nvd
CVE-2021-44201P4MEDIUMCVSS 6.1≥ unspecified, < 280352021-11-29
CVE-2021-44201 [MEDIUM] CWE-79 CVE-2021-44201: Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
nvd
CVE-2022-30992P4MEDIUMCVSS 6.1≥ unspecified, < 292402022-05-18
CVE-2022-30992 [MEDIUM] CWE-601 CVE-2022-30992: Open redirect via user-controlled query parameter. The following products are affected: Acronis Cybe
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
nvd