Search

Find a vulnerability

Search criteria

    90 vulnerabilities found for agent by acronis

    CVE-2026-28727 (GCVE-0-2026-28727)

    Vulnerability from nvd – Published: 2026-03-05 23:45 – Updated: 2026-04-02 17:05
    VLAI
    Summary
    Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @aiqitut (https://hackerone.com/aiqitut)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-07T04:55:25.648024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T13:47:56.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@aiqitut (https://hackerone.com/aiqitut)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:05:54.369Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9408",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9408"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28727",
        "datePublished": "2026-03-05T23:45:20.331Z",
        "dateReserved": "2026-03-03T02:29:03.754Z",
        "dateUpdated": "2026-04-02T17:05:54.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28713 (GCVE-0-2026-28713)

    Vulnerability from nvd – Published: 2026-03-05 23:51 – Updated: 2026-03-07 04:55
    VLAI
    Summary
    Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36943 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28713",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-07T04:55:22.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "VMware"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36943",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "VMware"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:51:30.830Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4168",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4168"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28713",
        "datePublished": "2026-03-05T23:51:30.830Z",
        "dateReserved": "2026-03-03T02:29:03.753Z",
        "dateUpdated": "2026-03-07T04:55:22.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-30413 (GCVE-0-2025-30413)

    Vulnerability from nvd – Published: 2026-03-05 23:56 – Updated: 2026-03-06 19:33
    VLAI
    Summary
    Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 40497 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Credits
    Airbus SecLab (mailto:vuln@airbus.com) Quentin Liddell (mailto:vuln@airbus.com) Mattéo Ricordeau (mailto:vuln@airbus.com) Benoît Camredon (mailto:vuln@airbus.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:29:48.093663Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:33:57.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40497",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SecLab (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Quentin Liddell (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Matt\u00e9o Ricordeau (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Beno\u00eet Camredon (mailto:vuln@airbus.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:56:29.887Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-8658",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-8658"
            },
            {
              "name": "SEC-9386",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-9386"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-30413",
        "datePublished": "2026-03-05T23:56:29.887Z",
        "dateReserved": "2025-03-21T21:04:39.511Z",
        "dateUpdated": "2026-03-06T19:33:57.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11792 (GCVE-0-2025-11792)

    Vulnerability from nvd – Published: 2026-03-05 23:45 – Updated: 2026-03-06 19:34
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Credits
    @satz4797 (https://hackerone.com/satz4797)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:31:24.491842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:34:53.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@satz4797 (https://hackerone.com/satz4797)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:45:55.938Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9439",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9439"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11792",
        "datePublished": "2026-03-05T23:45:55.938Z",
        "dateReserved": "2025-10-15T13:31:56.963Z",
        "dateUpdated": "2026-03-06T19:34:53.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11791 (GCVE-0-2025-11791)

    Vulnerability from nvd – Published: 2026-03-05 23:46 – Updated: 2026-03-06 19:34
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:29:56.807824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:34:47.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:46:27.697Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9405",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9405"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11791",
        "datePublished": "2026-03-05T23:46:27.697Z",
        "dateReserved": "2025-10-15T13:28:33.632Z",
        "dateUpdated": "2026-03-06T19:34:47.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11790 (GCVE-0-2025-11790)

    Vulnerability from nvd – Published: 2026-03-05 23:47 – Updated: 2026-03-06 19:34
    VLAI
    Summary
    Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Credits
    Airbus SecLab (mailto:vuln@airbus.com) Quentin Liddell (mailto:vuln@airbus.com) Mattéo Ricordeau (mailto:vuln@airbus.com) Benoît Camredon (mailto:vuln@airbus.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:29:54.540014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:34:40.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SecLab (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Quentin Liddell (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Matt\u00e9o Ricordeau (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Beno\u00eet Camredon (mailto:vuln@airbus.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:47:00.724Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9386",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9386"
            },
            {
              "name": "SEC-8658",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-8658"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11790",
        "datePublished": "2026-03-05T23:47:00.724Z",
        "dateReserved": "2025-10-15T13:25:36.751Z",
        "dateUpdated": "2026-03-06T19:34:40.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-48676 (GCVE-0-2023-48676)

    Vulnerability from nvd – Published: 2023-12-14 13:32 – Updated: 2024-08-02 21:37
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36943 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:54.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5905",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5905"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36943",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T13:32:28.791Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5905",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5905"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-48676",
        "datePublished": "2023-12-14T13:32:28.791Z",
        "dateReserved": "2023-11-17T14:33:30.399Z",
        "dateUpdated": "2024-08-02T21:37:54.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45248 (GCVE-0-2023-45248)

    Vulnerability from nvd – Published: 2023-10-09 11:08 – Updated: 2025-06-16 17:06
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36497 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 37391 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6052",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6052"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T16:09:28.243028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T17:06:45.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36497",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37391",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T16:55:03.256Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6052",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6052"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45248",
        "datePublished": "2023-10-09T11:08:37.009Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2025-06-16T17:06:45.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45247 (GCVE-0-2023-45247)

    Vulnerability from nvd – Published: 2023-10-09 11:09 – Updated: 2025-06-16 17:05
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36497 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 39169 (semver)
    Create a notification for this product.
    acronis agent Affected: 0 , < 36497 (semver)
        cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6600",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6600"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "36497",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45247",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T17:05:17.803696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T17:05:43.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36497",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39169",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-02T15:25:01.362Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6600",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6600"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45247",
        "datePublished": "2023-10-09T11:09:00.897Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2025-06-16T17:05:43.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45246 (GCVE-0-2023-45246)

    Vulnerability from nvd – Published: 2023-10-06 10:07 – Updated: 2025-01-02 15:25
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36343 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 39169 (semver)
    Create a notification for this product.
    acronis cyber_protect_cloud_agent Affected: 0 , < 36343 (semver)
        cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5903",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5903"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cyber_protect_cloud_agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "36343",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:26:17.297377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T18:30:05.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36343",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39169",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-02T15:25:18.885Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5903",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5903"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45246",
        "datePublished": "2023-10-06T10:07:06.167Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2025-01-02T15:25:18.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45245 (GCVE-0-2023-45245)

    Vulnerability from nvd – Published: 2023-10-06 09:53 – Updated: 2024-09-19 18:30
    VLAI
    Summary
    Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Agent Affected: unspecified , < 36119 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6017",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6017"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:30:32.703074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T18:30:43.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36119",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T09:53:55.524Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6017",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6017"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45245",
        "datePublished": "2023-10-06T09:53:55.524Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2024-09-19T18:30:43.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45244 (GCVE-0-2023-45244)

    Vulnerability from nvd – Published: 2023-10-06 09:47 – Updated: 2024-08-02 20:14
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 35895 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 37391 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5907",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35895",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37391",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T16:53:48.749Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5907",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5907"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45244",
        "datePublished": "2023-10-06T09:47:15.441Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2024-08-02T20:14:19.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45243 (GCVE-0-2023-45243)

    Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2026-03-05 23:49
    VLAI
    Summary
    Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 35739 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6019",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6019"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T17:28:12.048552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T17:28:23.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35739",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:49:17.744Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6019",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6019"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45243",
        "datePublished": "2023-10-05T21:57:49.413Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2026-03-05T23:49:17.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-45242 (GCVE-0-2023-45242)

    Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2026-03-05 23:52
    VLAI
    Summary
    Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 35739 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6018",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6018"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T17:30:15.068298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T17:30:32.097Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35739",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:52:56.366Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6018",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6018"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45242",
        "datePublished": "2023-10-05T21:57:35.406Z",
        "dateReserved": "2023-10-05T21:47:00.378Z",
        "dateUpdated": "2026-03-05T23:52:56.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-45241 (GCVE-0-2023-45241)

    Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2024-09-20 13:12
    VLAI
    Summary
    Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 35739 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 37391 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:20.038Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5999",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5999"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:36:24.982118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T13:12:02.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35739",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37391",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T16:54:15.100Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5999",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5999"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45241",
        "datePublished": "2023-10-05T21:57:23.228Z",
        "dateReserved": "2023-10-05T21:47:00.378Z",
        "dateUpdated": "2024-09-20T13:12:02.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45240 (GCVE-0-2023-45240)

    Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2024-09-20 13:12
    VLAI
    Summary
    Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Agent Affected: unspecified , < 35739 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.779Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5904",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5904"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:36:30.639917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T13:12:25.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35739",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T21:57:11.962Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5904",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5904"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45240",
        "datePublished": "2023-10-05T21:57:11.962Z",
        "dateReserved": "2023-10-05T21:47:00.378Z",
        "dateUpdated": "2024-09-20T13:12:25.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44214 (GCVE-0-2023-44214)

    Vulnerability from nvd – Published: 2023-10-05 21:57 – Updated: 2024-09-20 13:12
    VLAI
    Summary
    Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Agent Affected: unspecified , < 35739 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:59:51.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5902",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5902"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:36:37.345471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T13:12:51.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35739",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T21:57:00.522Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5902",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5902"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-44214",
        "datePublished": "2023-10-05T21:57:00.522Z",
        "dateReserved": "2023-09-26T20:08:46.835Z",
        "dateUpdated": "2024-09-20T13:12:51.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44213 (GCVE-0-2023-44213)

    Vulnerability from nvd – Published: 2023-10-05 21:56 – Updated: 2024-09-10 15:48
    VLAI
    Summary
    Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 35739 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 37391 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:59:51.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5286",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35739",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37391",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T15:48:22.536Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5286",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5286"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-44213",
        "datePublished": "2023-10-05T21:56:48.957Z",
        "dateReserved": "2023-09-26T20:08:46.835Z",
        "dateUpdated": "2024-09-10T15:48:22.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30413 (GCVE-0-2025-30413)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:56 – Updated: 2026-03-06 19:33
    VLAI
    Summary
    Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 40497 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Credits
    Airbus SecLab (mailto:vuln@airbus.com) Quentin Liddell (mailto:vuln@airbus.com) Mattéo Ricordeau (mailto:vuln@airbus.com) Benoît Camredon (mailto:vuln@airbus.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:29:48.093663Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:33:57.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40497",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SecLab (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Quentin Liddell (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Matt\u00e9o Ricordeau (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Beno\u00eet Camredon (mailto:vuln@airbus.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:56:29.887Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-8658",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-8658"
            },
            {
              "name": "SEC-9386",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-9386"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-30413",
        "datePublished": "2026-03-05T23:56:29.887Z",
        "dateReserved": "2025-03-21T21:04:39.511Z",
        "dateUpdated": "2026-03-06T19:33:57.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28713 (GCVE-0-2026-28713)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:51 – Updated: 2026-03-07 04:55
    VLAI
    Summary
    Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36943 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28713",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-07T04:55:22.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "VMware"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36943",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "VMware"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:51:30.830Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4168",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4168"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28713",
        "datePublished": "2026-03-05T23:51:30.830Z",
        "dateReserved": "2026-03-03T02:29:03.753Z",
        "dateUpdated": "2026-03-07T04:55:22.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11790 (GCVE-0-2025-11790)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:47 – Updated: 2026-03-06 19:34
    VLAI
    Summary
    Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Credits
    Airbus SecLab (mailto:vuln@airbus.com) Quentin Liddell (mailto:vuln@airbus.com) Mattéo Ricordeau (mailto:vuln@airbus.com) Benoît Camredon (mailto:vuln@airbus.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:29:54.540014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:34:40.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SecLab (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Quentin Liddell (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Matt\u00e9o Ricordeau (mailto:vuln@airbus.com)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Beno\u00eet Camredon (mailto:vuln@airbus.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:47:00.724Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9386",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9386"
            },
            {
              "name": "SEC-8658",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-8658"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11790",
        "datePublished": "2026-03-05T23:47:00.724Z",
        "dateReserved": "2025-10-15T13:25:36.751Z",
        "dateUpdated": "2026-03-06T19:34:40.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11791 (GCVE-0-2025-11791)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:46 – Updated: 2026-03-06 19:34
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:29:56.807824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:34:47.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:46:27.697Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9405",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9405"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11791",
        "datePublished": "2026-03-05T23:46:27.697Z",
        "dateReserved": "2025-10-15T13:28:33.632Z",
        "dateUpdated": "2026-03-06T19:34:47.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11792 (GCVE-0-2025-11792)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:45 – Updated: 2026-03-06 19:34
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Credits
    @satz4797 (https://hackerone.com/satz4797)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-06T19:31:24.491842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-06T19:34:53.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@satz4797 (https://hackerone.com/satz4797)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-05T23:45:55.938Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9439",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9439"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11792",
        "datePublished": "2026-03-05T23:45:55.938Z",
        "dateReserved": "2025-10-15T13:31:56.963Z",
        "dateUpdated": "2026-03-06T19:34:53.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28727 (GCVE-0-2026-28727)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:45 – Updated: 2026-04-02 17:05
    VLAI
    Summary
    Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @aiqitut (https://hackerone.com/aiqitut)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-07T04:55:25.648024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T13:47:56.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@aiqitut (https://hackerone.com/aiqitut)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:05:54.369Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9408",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9408"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28727",
        "datePublished": "2026-03-05T23:45:20.331Z",
        "dateReserved": "2026-03-03T02:29:03.754Z",
        "dateUpdated": "2026-04-02T17:05:54.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-48676 (GCVE-0-2023-48676)

    Vulnerability from cvelistv5 – Published: 2023-12-14 13:32 – Updated: 2024-08-02 21:37
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36943 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:54.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5905",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5905"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36943",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T13:32:28.791Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5905",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5905"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-48676",
        "datePublished": "2023-12-14T13:32:28.791Z",
        "dateReserved": "2023-11-17T14:33:30.399Z",
        "dateUpdated": "2024-08-02T21:37:54.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45247 (GCVE-0-2023-45247)

    Vulnerability from cvelistv5 – Published: 2023-10-09 11:09 – Updated: 2025-06-16 17:05
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36497 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 39169 (semver)
    Create a notification for this product.
    acronis agent Affected: 0 , < 36497 (semver)
        cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6600",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6600"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "36497",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45247",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T17:05:17.803696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T17:05:43.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36497",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39169",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-02T15:25:01.362Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6600",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6600"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45247",
        "datePublished": "2023-10-09T11:09:00.897Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2025-06-16T17:05:43.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45248 (GCVE-0-2023-45248)

    Vulnerability from cvelistv5 – Published: 2023-10-09 11:08 – Updated: 2025-06-16 17:06
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36497 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 37391 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6052",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6052"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T16:09:28.243028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T17:06:45.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36497",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37391",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T16:55:03.256Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6052",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6052"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45248",
        "datePublished": "2023-10-09T11:08:37.009Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2025-06-16T17:06:45.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45246 (GCVE-0-2023-45246)

    Vulnerability from cvelistv5 – Published: 2023-10-06 10:07 – Updated: 2025-01-02 15:25
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 36343 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 39169 (semver)
    Create a notification for this product.
    acronis cyber_protect_cloud_agent Affected: 0 , < 36343 (semver)
        cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5903",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5903"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cyber_protect_cloud_agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "36343",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:26:17.297377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T18:30:05.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36343",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39169",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-02T15:25:18.885Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5903",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5903"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45246",
        "datePublished": "2023-10-06T10:07:06.167Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2025-01-02T15:25:18.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45245 (GCVE-0-2023-45245)

    Vulnerability from cvelistv5 – Published: 2023-10-06 09:53 – Updated: 2024-09-19 18:30
    VLAI
    Summary
    Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Agent Affected: unspecified , < 36119 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6017",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6017"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T18:30:32.703074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T18:30:43.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "36119",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T09:53:55.524Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6017",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6017"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45245",
        "datePublished": "2023-10-06T09:53:55.524Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2024-09-19T18:30:43.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45244 (GCVE-0-2023-45244)

    Vulnerability from cvelistv5 – Published: 2023-10-06 09:47 – Updated: 2024-08-02 20:14
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 35895 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 37391 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5907",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35895",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "macOS",
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37391",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T16:53:48.749Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5907",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5907"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-45244",
        "datePublished": "2023-10-06T09:47:15.441Z",
        "dateReserved": "2023-10-05T21:47:00.379Z",
        "dateUpdated": "2024-08-02T20:14:19.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }