Skip to main content

Cyber Protect

64 CVEs product

Monthly

CVE-2026-28726 MEDIUM This Month

Improper access control in Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186 allows authenticated users to view sensitive information they should not have access to. The vulnerability requires valid credentials and network access but does not enable data modification or system availability impacts. No patch is currently available for this medium-severity disclosure risk.

Information Disclosure Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28725 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) exposes sensitive information through insecure headless browser configuration, allowing local authenticated users to read confidential data without modifying or disrupting system operations. The vulnerability requires local access and valid credentials but poses a direct confidentiality risk to organizations using affected versions. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2026-28724 MEDIUM This Month

Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28723 MEDIUM This Month

Acronis Cyber Protect 17 (Linux, Windows) before build 41186 contains an improper access control vulnerability allowing authenticated users to delete reports they should not have permission to access. An attacker with valid credentials could exploit this to remove audit trails or other critical reports, potentially compromising compliance and forensic capabilities. No patch is currently available for this issue.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28722 HIGH This Week

Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28721 HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28720 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28719 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2026-28718 HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28717 MEDIUM This Month

Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
5.0
EPSS
0.0%
CVE-2026-28716 MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2026-28715 MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28714 MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
CVSS 3.0
4.8
EPSS
0.0%
CVE-2026-28713 HIGH This Week

Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. An attacker exploiting this could achieve privilege escalation and lateral movement within virtualized environments.

Information Disclosure Cyber Protect Agent
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2026-28712 MEDIUM This Month

Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2026-28711 MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2026-28710 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 17.

Linux Windows Information Disclosure Cyber Protect
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28709 MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.

Linux Windows Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-30413 MEDIUM This Month

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]

Information Disclosure Cyber Protect Agent Windows macOS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-11791 HIGH This Week

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]

Information Disclosure Authentication Bypass Cyber Protect Agent Windows +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-30416 CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30412 CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2025-30411 CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
CVSS 3.0
10.0
EPSS
0.0%
CVE-2024-55543 HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-55541 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Cyber Protect Windows
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-55540 HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49388 CRITICAL Act Now

Sensitive information manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-49387 HIGH This Week

Cleartext transmission of sensitive information in acep-collector service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-49384 MEDIUM This Month

Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49383 MEDIUM This Month

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49382 MEDIUM This Month

Excessive attack surface in archive-server service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-44207 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability in protection plan name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44206 CRITICAL Act Now

Sensitive information disclosure and manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-44205 MEDIUM This Month

Sensitive information disclosure due to improper authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-44161 MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-44160 MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-44159 HIGH This Week

Sensitive information disclosure due to cleartext storage of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44158 HIGH This Week

Sensitive information disclosure due to insufficient token field masking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-44157 HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44156 HIGH This Week

Sensitive information disclosure due to spell-jacking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44155 HIGH This Week

Sensitive information leak through log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-44154 HIGH This Week

Sensitive information disclosure and manipulation due to improper authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-44153 HIGH This Week

Sensitive information disclosure due to cleartext storage of sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44152 CRITICAL Act Now

Sensitive information disclosure and manipulation due to improper authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-41749 HIGH This Week

Sensitive information disclosure due to excessive collection of system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41745 MEDIUM This Month

Sensitive information disclosure due to excessive collection of system information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent Cyber Protect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41744 HIGH PATCH This Week

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Apple Jwt Attack Agent Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41743 HIGH This Week

Local privilege escalation due to insecure driver communication port permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Agent Cyber Protect Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-41742 HIGH This Week

Excessive attack surface due to binding to an unrestricted IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-30994 HIGH PATCH This Week

Cleartext transmission of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-30993 HIGH PATCH This Week

Cleartext transmission of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-30992 MEDIUM PATCH This Month

Open redirect via user-controlled query parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Microsoft Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-30991 MEDIUM PATCH This Month

HTML injection via report name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Code Injection Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-30990 HIGH PATCH This Week

Sensitive information disclosure due to insecure folder permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cyber Protect Agent
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-44203 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) was possible in protection plan details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44202 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) was possible in activity details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44201 MEDIUM PATCH This Month

Cross-site scripting (XSS) was possible in notification pop-ups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44200 MEDIUM PATCH This Month

Self cross-site scripting (XSS) was possible on devices page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44199 MEDIUM PATCH This Month

DLL hijacking could lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Agent Cyber Protect Cyber Protect Home Office
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-44198 HIGH PATCH This Week

DLL hijacking could lead to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38088 HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38087 MEDIUM This Month

Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38086 HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10138 HIGH This Week

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass Cyber Backup +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper access control in Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186 allows authenticated users to view sensitive information they should not have access to. The vulnerability requires valid credentials and network access but does not enable data modification or system availability impacts. No patch is currently available for this medium-severity disclosure risk.

Information Disclosure Authentication Bypass Cyber Protect +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) exposes sensitive information through insecure headless browser configuration, allowing local authenticated users to read confidential data without modifying or disrupting system operations. The vulnerability requires local access and valid credentials but poses a direct confidentiality risk to organizations using affected versions. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 prior to build 41186 contains insufficient access control validation that permits authenticated users to read sensitive data they should not have access to. The vulnerability affects both Linux and Windows deployments and requires valid credentials to exploit, limiting the attack surface to authenticated attackers. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 (Linux, Windows) before build 41186 contains an improper access control vulnerability allowing authenticated users to delete reports they should not have permission to access. An attacker with valid credentials could exploit this to remove audit trails or other critical reports, potentially compromising compliance and forensic capabilities. No patch is currently available for this issue.

Authentication Bypass Cyber Protect Windows
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 allows authenticated users to modify application settings due to inadequate authorization validation. An attacker with valid credentials could exploit this to alter configurations and potentially compromise system integrity or bypass security controls. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows (before build 41186) fails to properly validate user permissions, allowing authenticated users to modify resources they should not have access to. The vulnerability requires valid credentials and does not enable remote code execution or denial of service, but could allow privilege escalation or unauthorized data manipulation within the application. No patch is currently available.

Authentication Bypass Cyber Protect Windows
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux, Windows) before build 41186 allow local authenticated users to access sensitive information and modify data. This medium-severity vulnerability requires local access and user privileges but poses no availability risk. No patch is currently available for this issue.

Linux Windows Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authorization checks in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 allow authenticated users to access sensitive information they should not have permission to view. An attacker with valid credentials can exploit this vulnerability to disclose confidential data without performing any additional actions. No patch is currently available for this medium-severity issue.

Linux Windows Information Disclosure +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 transmits sensitive cryptographic material unnecessarily, allowing adjacent network attackers to potentially intercept and obtain this sensitive data under specific conditions. The vulnerability requires user interaction and affects both Linux and Windows deployments. No patch is currently available.

Information Disclosure Cyber Protect Windows
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. An attacker exploiting this could achieve privilege escalation and lateral movement within virtualized environments.

Information Disclosure Cyber Protect Agent
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 17.

Linux Windows Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Acronis Cyber Protect 17 on Linux and Windows before build 41186 contains an authorization bypass that allows authenticated users to manipulate resources they should not have access to. The vulnerability requires valid credentials and network access but poses a moderate risk of unauthorized data modification within the affected environment.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. [CVSS 4.4 MEDIUM]

Information Disclosure Cyber Protect Agent +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 5.5 MEDIUM]

Information Disclosure Authentication Bypass Cyber Protect +3
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Second improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Improper authentication in Acronis Cyber Protect 16. CVSS 10.0.

Linux Windows Cyber Protect
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Cyber Protect +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Sensitive information manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Cyber Protect
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cleartext transmission of sensitive information in acep-collector service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Excessive attack surface in archive-server service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability in protection plan name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Cyber Protect
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Sensitive information disclosure and manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Sensitive information disclosure due to improper authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive information disclosure due to cleartext storage of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Sensitive information disclosure due to insufficient token field masking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cyber Protect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Sensitive information disclosure due to spell-jacking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Sensitive information leak through log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Sensitive information disclosure and manipulation due to improper authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive information disclosure due to cleartext storage of sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Sensitive information disclosure and manipulation due to improper authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive information disclosure due to excessive collection of system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive information disclosure due to excessive collection of system information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Apple Jwt Attack +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation due to insecure driver communication port permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Agent +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Excessive attack surface due to binding to an unrestricted IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Cleartext transmission of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Cyber Protect
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Cleartext transmission of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Cyber Protect
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Open redirect via user-controlled query parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Microsoft Cyber Protect
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

HTML injection via report name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Code Injection Cyber Protect
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Sensitive information disclosure due to insecure folder permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cyber Protect Agent
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) was possible in protection plan details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) was possible in activity details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) was possible in notification pop-ups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft XSS Cyber Protect
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Self cross-site scripting (XSS) was possible on devices page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

DLL hijacking could lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Agent +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

DLL hijacking could lead to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cyber Protect
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy