cbcvebase.

Acronis Cyber Protect 15 vulnerabilities

47 known vulnerabilities affecting acronis/acronis_cyber_protect_15.

Total CVEs
47
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH28MEDIUM13

Vulnerabilities

Page 2 of 3
CVE-2022-24113P3HIGHCVSS 7.8≥ unspecified, < 280352022-02-04
CVE-2022-24113 [HIGH] CWE-250 CVE-2022-24113: Local privilege escalation due to excessive permissions assigned to child processes. The following p Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
nvd
CVE-2021-44204P3HIGHCVSS 7.8≥ unspecified, < 280352022-02-04
CVE-2021-44204 [HIGH] CWE-285 CVE-2021-44204: Local privilege escalation via named pipe due to improper access control checks. The following produ Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
nvd
CVE-2022-45452P3HIGHCVSS 7.8≥ unspecified, < 309842023-05-18
CVE-2022-45452 [HIGH] CWE-269 CVE-2022-45452: Local privilege escalation due to insecure folder permissions. The following products are affected: Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2022-45455P3HIGHCVSS 7.8≥ unspecified, < 309842023-02-13
CVE-2022-45455 [HIGH] CWE-459 CVE-2022-45455: Local privilege escalation due to incomplete uninstallation cleanup. The following products are affe Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2023-41744P3HIGHCVSS 7.8≥ unspecified, < 359792023-08-31
CVE-2023-41744 [HIGH] CWE-347 CVE-2023-41744: Local privilege escalation due to unrestricted loading of unsigned libraries. The following products Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.
nvd
CVE-2022-30990P3HIGHCVSS 7.5≥ unspecified, < 292402022-05-18
CVE-2022-30990 [HIGH] CWE-200 CVE-2022-30990: Sensitive information disclosure due to insecure folder permissions. The following products are affe Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
nvd
CVE-2023-44158P3HIGHCVSS 7.5≥ unspecified, < 359792023-09-27
CVE-2023-44158 [HIGH] CWE-522 CVE-2023-44158: Sensitive information disclosure due to insufficient token field masking. The following products are Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2022-30993P3HIGHCVSS 7.5≥ unspecified, < 292402022-05-18
CVE-2022-30993 [HIGH] CWE-319 CVE-2022-30993: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
nvd
CVE-2022-30994P3HIGHCVSS 7.5≥ unspecified, < 292402022-05-18
CVE-2022-30994 [HIGH] CWE-319 CVE-2022-30994: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
nvd
CVE-2023-44159P3HIGHCVSS 7.5≥ unspecified, < 359792023-09-27
CVE-2023-44159 [HIGH] CWE-312 CVE-2023-44159: Sensitive information disclosure due to cleartext storage of sensitive information. The following pr Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2023-41749P3HIGHCVSS 7.5≥ unspecified, < 359792023-08-31
CVE-2023-41749 [HIGH] CWE-200 CVE-2023-41749: Sensitive information disclosure due to excessive collection of system information. The following pr Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.
nvd
CVE-2022-45459P3HIGHCVSS 7.5≥ unspecified, < 309842023-05-18
CVE-2022-45459 [HIGH] CWE-200 CVE-2022-45459: Sensitive information disclosure due to insecure registry permissions. The following products are af Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2022-45454P3HIGHCVSS 7.5fixed in 309842023-02-13
CVE-2022-45454 [HIGH] CWE-200 CVE-2022-45454: Sensitive information disclosure due to insecure folder permissions. The following products are affe Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
nvd
CVE-2021-44198P3HIGHCVSS 7.8≥ unspecified, < 280352021-11-29
CVE-2021-44198 [HIGH] CWE-427 CVE-2021-44198: DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
nvd
CVE-2022-45449P3MEDIUMCVSS 6.5≥ unspecified, < 309842024-07-16
CVE-2022-45449 [MEDIUM] CWE-200 CVE-2022-45449: Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The followin Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
nvd
CVE-2023-44161P4MEDIUMCVSS 6.5≥ unspecified, < 359792023-09-27
CVE-2023-44161 [MEDIUM] CWE-352 CVE-2023-44161: Sensitive information manipulation due to cross-site request forgery. The following products are aff Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2023-44160P4MEDIUMCVSS 6.5≥ unspecified, < 359792023-09-27
CVE-2023-44160 [MEDIUM] CWE-352 CVE-2023-44160: Sensitive information manipulation due to cross-site request forgery. The following products are aff Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
nvd
CVE-2022-30991P4MEDIUMCVSS 6.1≥ unspecified, < 292402022-05-18
CVE-2022-30991 [MEDIUM] CWE-74 CVE-2022-30991: HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
nvd
CVE-2021-44201P4MEDIUMCVSS 6.1≥ unspecified, < 280352021-11-29
CVE-2021-44201 [MEDIUM] CWE-79 CVE-2021-44201: Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
nvd
CVE-2022-30992P4MEDIUMCVSS 6.1≥ unspecified, < 292402022-05-18
CVE-2022-30992 [MEDIUM] CWE-601 CVE-2022-30992: Open redirect via user-controlled query parameter. The following products are affected: Acronis Cybe Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
nvd
Acronis Cyber Protect 15 vulnerabilities | cvebase