Skip to main content

True Image

9 CVEs product

Monthly

CVE-2021-32581 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cyber Protect Cloud Cyber Protection Agent True Image
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-32580 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-32579 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Microsoft Authentication Bypass True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32578 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32577 HIGH This Week

Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32576 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-10140 HIGH This Week

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE True Image
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-10139 HIGH This Week

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass True Image
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-3219 HIGH This Week

Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure True Image
NVD
CVSS 3.0
8.8
EPSS
0.0%
EPSS 1% CVSS 8.1
HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cyber Protect Cloud +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE True Image
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure True Image
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy