cvebase

Acronis Cyber Protect 16 vulnerabilities

36 known vulnerabilities affecting acronis/acronis_cyber_protect_16.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 12, MEDIUM 18, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2024-55541 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 39169 | 2025-01-02
CWE-79: Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
nvd
CVE-2025-48960 | P4 | MEDIUM | CVSS 5.9 | ≥ unspecified, < 39938 | 2025-06-04
CWE-326: Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.
nvd
CVE-2023-48679 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 37391 | 2024-02-27
CWE-79: Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
nvd
CVE-2023-48681 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 37391 | 2024-02-27
CWE-79: Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
nvd
CVE-2023-45241 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 37391 | 2023-10-05
CWE-532: Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
nvd
CVE-2023-48682 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 37391 | 2024-02-27
CWE-79: Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
nvd
CVE-2023-48680 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 37391 | 2024-02-27
CWE-359: Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
nvd
CVE-2023-44213 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 37391 | 2023-10-05
CWE-359: Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
nvd
CVE-2024-56414 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 39169 | 2025-01-02
CWE-328: Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
nvd
CVE-2023-48678 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 37391 | 2024-02-27
CWE-276: Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
nvd
CVE-2024-55542 | P4 | MEDIUM | CVSS 4.4 | ≥ unspecified, < 39169 | 2025-01-02
CWE-266: Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.
nvd
CVE-2025-48962 | P4 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 39938 | 2025-06-04
CWE-918: Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.
nvd
CVE-2024-49383 | P4 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 38690 | 2024-10-15
CWE-1327: Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
nvd
CVE-2024-49384 | P4 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 38690 | 2024-10-15
CWE-1327: Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
nvd
CVE-2024-49382 | P4 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 38690 | 2024-10-15
CWE-1327: Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
nvd
CVE-2024-55539 | P4 | LOW | CVSS 2.5 | ≥ unspecified, < 39938 | 2024-12-23
CWE-327: Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.
nvd