cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55541,https://securityvulnerability.io/vulnerability/CVE-2024-55541,Stored Cross-Site Scripting Vulnerability in Acronis Cyber Protect 16,"A stored cross-site scripting (XSS) vulnerability exists in Acronis Cyber Protect 16 due to insufficient origin validation in the postMessage function. This flaw allows attackers to inject malicious scripts that could be executed in the context of the affected application. Users operating versions prior to build 39169 are particularly at risk. Mitigation efforts are recommended to address this vulnerability and safeguard sensitive user data. For further information, consult the vendor's advisory.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:55.281Z,0
CVE-2024-55542,https://securityvulnerability.io/vulnerability/CVE-2024-55542,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A local privilege escalation vulnerability exists in the Tray Monitor service of Acronis Cyber Protect products, where excessive permissions can lead to unauthorized access and escalation of user privileges. This affects Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent across multiple platforms, including Linux, macOS, and Windows, prior to specified build versions. Users and organizations utilizing these products should take immediate action to update their installations to mitigate potential security risks.",Acronis,"Acronis Cyber Protect 16,Acronis Cyber Protect Cloud Agent",,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:40.928Z,0
CVE-2024-56414,https://securityvulnerability.io/vulnerability/CVE-2024-56414,Weak Hash Algorithm Vulnerability in Acronis Cyber Protect by Acronis,"A vulnerability exists in Acronis Cyber Protect 16 for Windows due to the use of a weak hash algorithm in the web installer integrity check. This flaw can potentially allow an attacker to manipulate the integrity of the installation process, leading to unauthorized access or execution of malicious code. The affected version includes all builds prior to 39169, necessitating prompt updates to mitigate associated security risks.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:10.784Z,0
CVE-2024-56413,https://securityvulnerability.io/vulnerability/CVE-2024-56413,Session Invalidation Flaw in Acronis Cyber Protect 16 by Acronis,"Acronis Cyber Protect 16 contains a vulnerability due to missing session invalidation after user deletion. This flaw potentially allows unauthorized access, which could be exploited by malicious actors to continue to use a session associated with a deleted user account, thereby compromising sensitive information and system integrity. Users of Acronis Cyber Protect 16 (Windows) prior to build 39169 should review their security measures and consider applying the latest updates to mitigate potential risks.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:26:00.507Z,0
CVE-2024-55540,https://securityvulnerability.io/vulnerability/CVE-2024-55540,Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis,"A vulnerability exists in Acronis Cyber Protect 16, specifically affecting Windows systems prior to build 39169, allowing for local privilege escalation through DLL hijacking. Attackers could leverage this vulnerability to execute code with elevated privileges, posing significant risks to user security and the integrity of the affected systems. It is crucial for users of Acronis Cyber Protect 16 to apply the necessary updates and patches to mitigate the potential impact of this vulnerability as highlighted in the vendor advisory.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:25:48.887Z,0
CVE-2024-55543,https://securityvulnerability.io/vulnerability/CVE-2024-55543,Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis,"Acronis Cyber Protect 16 contains a local privilege escalation vulnerability attributed to DLL hijacking. This vulnerability can allow unauthorized users to gain elevated privileges on affected systems. Specifically, users with local access can exploit this weakness to execute malicious code, potentially compromising the integrity and confidentiality of the system. It is crucial for users to update to build 39169 or later to mitigate the associated risks. For further details, refer to vendor advisory SEC-6418.",Acronis,Acronis Cyber Protect 16,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T15:24:26.589Z,0
CVE-2024-49388,https://securityvulnerability.io/vulnerability/CVE-2024-49388,Improper Authorization Leads to Sensitive Information Manipulation in Acronis Cyber Protect 16,"A vulnerability exists in Acronis Cyber Protect 16 that allows for sensitive information manipulation as a result of improper authorization processes. This flaw impacts users of the software on both Linux and Windows platforms prior to build 38690, potentially enabling unauthorized users to access or alter sensitive data. Organizations using affected versions should prioritize updating their systems to mitigate the associated risks detailed in the vendor's advisory SEC-5984.",Acronis,Acronis Cyber Protect 16,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-15T10:34:24.960Z,0
CVE-2024-49387,https://securityvulnerability.io/vulnerability/CVE-2024-49387,Sensitive Information Transmitted in Clear Text in Acronis Cyber Protect 16 Before Build 38690,"Acronis Cyber Protect 16 (Linux, Windows) before build 38690 is susceptible to a vulnerability allowing the cleartext transmission of sensitive information within the acep-collector service. This flaw may expose critical data to unauthorized interception, potentially compromising the integrity and confidentiality of user information. Users of the affected versions are encouraged to apply the necessary updates to mitigate risks associated with this vulnerability.",Acronis,Acronis Cyber Protect 16,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-15T10:34:10.675Z,0
CVE-2024-49384,https://securityvulnerability.io/vulnerability/CVE-2024-49384,Excessive attack surface in Acronis Cyber Protect 16 due to binding to unrestricted IP address,"Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:33:52.655Z,0
CVE-2024-49383,https://securityvulnerability.io/vulnerability/CVE-2024-49383,Excessive attack surface due to unrestricted IP address binding,"Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:33:14.227Z,0
CVE-2024-49382,https://securityvulnerability.io/vulnerability/CVE-2024-49382,Unrestricted IP Address Leaves Archive-Server Service Vulnerable to Attacks,"Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",Acronis,Acronis Cyber Protect 16,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T10:32:55.845Z,0
CVE-2024-8766,https://securityvulnerability.io/vulnerability/CVE-2024-8766,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows local privilege escalation through DLL hijacking. This enables an attacker to exploit the system and gain unauthorized access, potentially leading to further security breaches. Users are advised to upgrade to the latest builds to mitigate these risks. For detailed information, please refer to the vendor advisory.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-16T20:15:00.000Z,0
CVE-2023-48683,https://securityvulnerability.io/vulnerability/CVE-2023-48683,Sensitive Information Disclosure in Acronis Cyber Protect Products,"A vulnerability in Acronis Cyber Protect products allows for the unauthorized access and manipulation of sensitive information due to inadequate authorization mechanisms. This affects multiple platforms including Linux, macOS, and Windows, potentially exposing users to security risks. Users are advised to upgrade to the latest builds to mitigate this risk.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2024-34010,https://securityvulnerability.io/vulnerability/CVE-2024-34010,Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows for local privilege escalation. This vulnerability arises due to an unquoted search path, which could be exploited to gain unauthorized elevated privileges on affected Windows systems. Versions prior to build 37758 of Acronis Cyber Protect Cloud Agent and build 38690 of Acronis Cyber Protect 16 are susceptible. Users of these products are encouraged to update their software to mitigate potential security risks.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T16:15:00.000Z,0
CVE-2023-48682,https://securityvulnerability.io/vulnerability/CVE-2023-48682,Stored XSS Vulnerability Affects Acronis Cyber Protect 16 for Linux and Windows,"Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:53:05.091Z,0
CVE-2023-48681,https://securityvulnerability.io/vulnerability/CVE-2023-48681,Self Cross-Site Scripting (XSS) Vulnerability in Storage Nodes Search Field,"Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,1.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:52:25.743Z,0
CVE-2023-48680,https://securityvulnerability.io/vulnerability/CVE-2023-48680,Excessive System Information Collection Leads to Sensitive Information Disclosure,"Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:51:19.284Z,0
CVE-2023-48679,https://securityvulnerability.io/vulnerability/CVE-2023-48679,Missing Origin Validation in postMessage Exposes Stored XSS Vulnerability,"Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:45:53.340Z,0
CVE-2023-48678,https://securityvulnerability.io/vulnerability/CVE-2023-48678,Insecure Folder Permissions Expose Sensitive Information,"Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.",Acronis,Acronis Cyber Protect 16,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-27T16:45:00.771Z,0
CVE-2023-45247,https://securityvulnerability.io/vulnerability/CVE-2023-45247,Sensitive Information Disclosure in Acronis Cyber Protect Products,"A vulnerability exists in Acronis Cyber Protect products that allows unauthorized access to sensitive information due to missing authorization checks. This exposure may lead to data manipulation, putting users at risk. The affected versions include Acronis Cyber Protect Cloud Agent prior to build 36497 and Acronis Cyber Protect 16 prior to build 39169. Users are urged to update their software to mitigate potential risks.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-09T12:15:00.000Z,0
CVE-2023-45248,https://securityvulnerability.io/vulnerability/CVE-2023-45248,Local Privilege Escalation in Acronis Cyber Protect Products,"A local privilege escalation vulnerability exists in Acronis Cyber Protect products due to improper handling of dynamic-link library (DLL) files, allowing an attacker to leverage this flaw for unauthorized access and execution of arbitrary code. This issue impacts versions prior to build 36497 of Acronis Cyber Protect Cloud Agent and versions before build 37391 of Acronis Cyber Protect 16, presenting potential risks for users and organizations relying on these solutions.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-09T12:15:00.000Z,0
CVE-2023-45246,https://securityvulnerability.io/vulnerability/CVE-2023-45246,Sensitive Information Disclosure and Manipulation in Acronis Cyber Protect Products,"A vulnerability has been identified in Acronis Cyber Protect products that allows for sensitive information disclosure and manipulation due to missing authorization mechanisms. Users of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 on Linux, macOS, and Windows platforms, especially those running builds prior to 36343 and 39169 respectively, are advised to review the detailed advisory and implement the necessary updates to safeguard their systems.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-06T11:15:00.000Z,0
CVE-2023-45244,https://securityvulnerability.io/vulnerability/CVE-2023-45244,Sensitive Information Disclosure Vulnerability in Acronis Cyber Protect Products,"A vulnerability exists within Acronis Cyber Protect products, allowing unauthorized access to sensitive information due to inadequate authorization checks. Specifically, this affects Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 across multiple operating systems prior to specific builds. Attackers could exploit this flaw to manipulate or access sensitive data without sufficient permissions, leading to potential data breaches.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-06T10:15:00.000Z,0
CVE-2023-44213,https://securityvulnerability.io/vulnerability/CVE-2023-44213,Sensitive Information Disclosure in Acronis Cyber Protect Products,"The vulnerability allows unauthorized access to sensitive system information due to the excessive collection of data by Acronis Cyber Protect products. This flaw affects multiple versions of Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 for Windows, potentially exposing critical user data to attackers. Users are urged to update to the latest builds to mitigate this risk.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-05T22:15:00.000Z,0
CVE-2023-44211,https://securityvulnerability.io/vulnerability/CVE-2023-44211,Sensitive Information Disclosure in Acronis Cyber Protect Products,"A missing authorization vulnerability affects Acronis Cyber Protect products, allowing unauthorized access to sensitive information. This issue impacts multiple builds across the Cyber Protect Cloud Agent and Cyber Protect 16, potentially exposing users' data to risk. Acronis has provided an advisory detailing the affected versions and recommended actions to mitigate this vulnerability.",Acronis,"Acronis Cyber Protect Cloud Agent,Acronis Cyber Protect 16",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-05T22:15:00.000Z,0